CVE-2026-23040 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

7.6HIGH

No vector

EPSS

0.0%

top 92.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This could result in a NULL pointer dereference in cfg80211_next_nan_dw_notif.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.18.0 — 6.18.6

▶Debianlinux/linux_kernel< 6.18.8-1

▶CVEListV5linux/linuxa37a6f54439bf82b827a7072415d3a4afa4e12bd — 1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33+2

▶debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-4mqx-ggc6-9qj3: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is↗2026-02-04

▶

OSV

CVE-2026-23040: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is f↗2026-02-04

▶

OSV

wifi: mac80211_hwsim: fix typo in frequency notification↗2026-02-04

▶

📋Vendor Advisories

Red Hat

kernel: wifi: mac80211_hwsim: fix typo in frequency notification↗2026-02-04

▶

Debian

CVE-2026-23040: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23040 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶