CVE-2026-23084

When the parameter pmacidvalid argument of becmdgetmacfromlist() is set to false, the driver may request the PMACID from the firmware of the network card, and this function will store that PMACID at the provided address pmacid. This is the contract of this function.

However, there is a location within the driver where both pmacidvalid == false and pmac_id == NULL are being passed. This could result in dereferencing a NULL pointer.

To resolve this issue, it is necessary to pass the address of a stub variable to the function.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23084.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

95046b927a54f461766f83a212c6a93bc5fd2e67

Fixed

4cba480c9b9a3861a515262225cb53a1f5978344

Fixed

92c6dc181a18e6e0ddb872ed35cb48a9274829e4

Fixed

6c3e00888dbec887125a08b51a705b9b163fcdd1

Fixed

e206fb415db36bad52bb90c08d46ce71ffbe8a80

Fixed

47ffb4dcffe336f4a7bd0f3284be7aadc6484698

Fixed

31410a01a86bcb98c798d01061abf1f789c4f75a

Fixed

8215794403d264739cc676668087512950b2ff31

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23084.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.12.0

Fixed

5.10.249

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.199

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

6.1.162

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.6.122

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.68

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.18.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23084.json"