CVE-2026-23042 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 92.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedFeb 4

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, driver does not allocate vdev_info for this vport. This leads to kernel NULL pointer dereference in idpf_idc_vport_dev_down(), which references vdev_info for every vport regardless. Check, if vdev_info was ever allocated before unplugging aux device.

Affected Packages4 packages

▶Linuxlinux/linux_kernel6.17.0 — 6.18.6

▶Debianlinux/linux_kernel< 6.18.8-1

▶CVEListV5linux/linuxbe91128c579c86d295da4325f6ac4710e4e6d2b4 — 0ad6d6e50e9d8bf596cfe77a882ddc20b29f525a+2

▶debiandebian/linux< linux 6.18.8-1 (forky)

🔴Vulnerability Details

GHSA

GHSA-8936-48hj-4rqp: In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport fla↗2026-02-04

▶

OSV

CVE-2026-23042: In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags↗2026-02-04

▶

OSV

idpf: fix aux device unplugging when rdma is not supported by vport↗2026-02-04

▶

📋Vendor Advisories

Red Hat

kernel: idpf: fix aux device unplugging when rdma is not supported by vport↗2026-02-04

▶

Debian

CVE-2026-23042: linux - In the Linux kernel, the following vulnerability has been resolved: idpf: fix a...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23042 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶