CVE-2026-23320 — NULL Pointer Dereference in Kernel

CWE-476 — NULL Pointer Dereference7 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel

Timeline

PublishedMar 10

Latest updateMar 25

Description

usb: gadget: f_ncm: align net_device lifecycle with bind/unbind Mariner: Mariner Linux: Linux Customer Action Required: Yes

Affected Packages2 packages

▶Linuxlinux/linux_kernel3.11.0 — 6.18.17+1

▶Debianlinux/linux_kernel< 6.19.8-1

🔴Vulnerability Details

OSV

CVE-2026-23320: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: align net_device lifecycle with bind/unbind Currently, the net↗2026-03-25

▶

GHSA

GHSA-8459-cmh7-px33: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: align net_device lifecycle with bind/unbind Currently, the n↗2026-03-25

▶

OSV

usb: gadget: f_ncm: align net_device lifecycle with bind/unbind↗2026-03-25

▶

📋Vendor Advisories

Red Hat

kernel: usb: gadget: f_ncm: align net_device lifecycle with bind/unbind↗2026-03-25

▶

Microsoft

usb: gadget: f_ncm: align net_device lifecycle with bind/unbind↗2026-03-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23320 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2026-23320 kernel: usb: gadget: f_ncm: align net_device lifecycle with bind/unbind↗2026-03-25

▶