CVE-2026-23396 — NULL Pointer Dereference in Linux
Severity: 8.2 HIGH (no vector)
EPSS: 0.0% (top 90.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 26
Latest update: Apr 20
Description
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: fix NULL deref in mesh_matches_local()

mesh_matches_local() unconditionally dereferences ie->mesh_config to
compare mesh configuration parameters. When called from
mesh_rx_csa_frame(), the parsed action-frame elements may not contain a
Mesh Configuration IE, leaving ie->mesh_config NULL and triggering a
kernel NULL pointer dereference.

The other two callers are already safe:
- ieee80211_mesh_rx_bcn_presp() che…
Affected Packages: 5 packages
CVEListV5: linux/linux 2e3c8736820bf72a8ad10721c7e31d36d4fa7790 — c1e3f2416fb27c816ce96d747d3e784e31f4d95c (+6)
Vulnerability Details (4)
VulDB
Linux Kernel up to 7.0-rc4 net/mac80211/mesh.c mesh_matches_local null pointer dereference (EUVD-2026-16154 / WID-SEC-2026-0879) (2026-04-20)
GHSA
GHSA-w4qg-rh8m-6c8q: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local() mesh_matches_local() unco… (2026-03-26)
OSV
CVE-2026-23396: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local() mesh_matches_local() uncond… (2026-03-26)