CVE-2026-23438 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

—N/A

No vector

EPSS

0.0%

top 90.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with global_tx_fc in buffer switching mvpp2_bm_switch_buffers() unconditionally calls mvpp2_bm_pool_update_priv_fc() when switching between per-cpu and shared buffer pool modes. This function programs CM3 flow control registers via mvpp2_cm3_read()/mvpp2_cm3_write(), which dereference priv->cm3_base without any NULL check. When the CM3 SRAM resource is not present in the device tree (the …

Affected Packages3 packages

▶Debianlinux/linux_kernel< 6.19.10-1

▶CVEListV5linux/linux3a616b92a9d17448d96a33bf58e69f01457fd43a — da089f74a993f846685067b14158cb41b879ff29+6

▶debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

OSV

CVE-2026-23438: In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with global_tx_fc in buffer switching mvpp2_↗2026-04-03

▶

GHSA

GHSA-4m78-cvj8-m5m2: In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with global_tx_fc in buffer switching mvpp↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: net: mvpp2: guard flow control update with global_tx_fc in buffer switching↗2026-04-03

▶

Debian

CVE-2026-23438: linux - In the Linux kernel, the following vulnerability has been resolved: net: mvpp2:...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23438 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶