CVE-2026-23035NULL Pointer Dereference in Linux

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.1MEDIUM
No vector
EPSS
0.0%
top 98.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedJan 31

Description

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will work on a valid netdev. On mlx5e_remove: Check validity of priv->profile, before attempting to cleanup any resources that might be not there. This fixes a kernel oops in mlx5e_remove when switchdev mode fails due to cha

Affected Packages4 packages

Linuxlinux/linux_kernel5.12.06.12.67+1
Debianlinux/linux_kernel< 6.12.69-1+1
CVEListV5linux/linuxc4d7eb57687f358cd498ea3624519236af8db97ea7625bacaa8c8c2bfcde6dd6d1397bd63ad82b02+3
debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

3
OSV
CVE-2026-23035: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an un2026-01-31
OSV
net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv2026-01-31
GHSA
GHSA-5wr5-mxmx-fvmr: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an2026-01-31

📋Vendor Advisories

2
Red Hat
kernel: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv2026-01-31
Debian
CVE-2026-23035: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23035 Impact, Exploitability, and Mitigation Steps | Wiz