IM
IronMonkey Threat Research

CVE-2026-23084 MEDIUM

Published: 2026-02-04 | Last Modified: 2026-07-14 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this function will store that PMAC_ID at the provided address pmac_id. This is the contract of this function. However, there is a location within the driver where both pmac_id_valid == false and pmac_id == NULL are being passed. This could result in dereferencing a NULL pointer. To resolve this issue, it is necessary to pass the address of a stub variable to the function.

Additional Descriptions (1)

En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta: be2net: Corrección de desreferencia de puntero NULL en be_cmd_get_mac_from_list Cuando el argumento del parámetro pmac_id_valid de be_cmd_get_mac_from_list() se establece en falso, el controlador puede solicitar el PMAC_ID del firmware de la tarjeta de red, y esta función almacenará ese PMAC_ID en la dirección pmac_id proporcionada. Este es el contrato de esta función. Sin embargo, existe una ubicación dentro del controlador donde se están pasando tanto pmac_id_valid == false como pmac_id == NULL. Esto podría resultar en la desreferencia de un puntero NULL. Para resolver este problema, es necesario pasar la dirección de una variable auxiliar a la función.

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en CWE-476

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702b70377f40> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcc9b0cc0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702b70376d00> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc3c4100> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702b70374280> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc130700> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bde1653c0> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702b70377a80> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702b70376400> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702b70375b40> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bfc2a4600> Operating System
linux linux_kernel 6.19 <built-in method update of dict object at 0x702bcc9b0880> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*

References

Notification
Message here