CVE-2026-45846 | Linux Kernel up to 7.1-rc1 bareudp ip6_udp_tunnel.c bareudp_fill_metadata_dst null pointer dereference

A vulnerability was found in Linux Kernel up to 6.6.140/6.12.90/6.18.32/7.0.9/7.1-rc1 and classified as critical. Affected by this issue is the function bareudp_fill_metadata_dst of the file net/ipv6/ip6_udp_tunnel.c of the component bareudp. The manipulation results in null pointer dereference.

This vulnerability was named CVE-2026-45846. The attack needs to be approached within the local network. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More