CVE-2026-23173
Severity
5.5MEDIUM
EPSS
0.0%
top 97.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: TC, delete flows only for existing peers
When deleting TC steering flows, iterate only over actual devcom
peers instead of assuming all possible ports exist. This avoids
touching non-existent peers and ensures cleanup is limited to
devices the driver is currently connected to.
BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-pr…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux9be6c21fdcf8a7ec48262bb76f78c17ac2761ac6 — 62e1d8920f6920543f4b095a65fb964448c9901d+4
Patches
🔴Vulnerability Details
4VulDB▶
Linux Kernel up to 6.6.122/6.12.68/6.18.8 mlx5e null pointer dereference (Nessus ID 299177 / WID-SEC-2026-0421)↗2026-04-13
OSV▶
CVE-2026-23173: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flow↗2026-02-14
GHSA▶
GHSA-5vr5-28pm-p634: In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: TC, delete flows only for existing peers
When deleting TC steering fl↗2026-02-14