#VU124643 NULL pointer dereference in Linux kernel - CVE-2026-23396

Published: March 26, 2026
Vulnerability identifier: #VU124643
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-23396
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Linux kernel
Software vendor: Linux Foundation

Description

The vulnerability allows an attacker with physical access to cause a denial of service.

The vulnerability exists because the mesh_matches_local() function in the Linux kernel's mac80211 subsystem dereferences an unchecked pointer when handling Wi-Fi mesh action frames. An attacker with physical access can send a specially crafted CSA action frame that includes a valid Mesh ID IE but omits the Mesh Configuration IE; the function then dereferences the pointer for the missing element, causing a kernel NULL pointer dereference and a system crash.

The vulnerability affects only Wi-Fi mesh mode processing and requires the attacker to be within radio range to transmit the malicious frame. No authentication or user interaction is required for exploitation.
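The defensive pattern that prevents this class of crash, as an added illustration written for this advisory and not taken from the Linux kernel: a bounds-checked walk over the frame's information elements that leaves absent elements as NULL, followed by a matcher that tests every element pointer before dereferencing it. All names (parse_ies, mesh_matches_local_safe, check_frame, struct parsed_ies, struct local_mesh) and the sample element lists are constructed for this example; the element IDs are the IEEE 802.11 values for Mesh Configuration and Mesh ID, and the comparison logic is a simplified stand-in, not the kernel's.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Element IDs per IEEE 802.11 (the NULL check below does not depend on these values). */
#define EID_MESH_CONFIG 113
#define EID_MESH_ID     114

/* Hypothetical view of the elements found in a frame body: NULL means "absent". */
struct parsed_ies {
    const uint8_t *mesh_id;       /* body of the Mesh ID element, or NULL */
    size_t         mesh_id_len;
    const uint8_t *mesh_config;   /* body of the Mesh Configuration element, or NULL */
    size_t         mesh_config_len;
};

/* Walk a TLV (ID, length, value) element list, bounds-checking each element.
 * Returns false if the list is truncated; elements that never appear stay NULL. */
bool parse_ies(const uint8_t *buf, size_t len, struct parsed_ies *out)
{
    memset(out, 0, sizeof(*out));
    size_t pos = 0;
    while (pos + 2 <= len) {
        uint8_t eid  = buf[pos];
        uint8_t elen = buf[pos + 1];
        if (pos + 2 + elen > len)
            return false;           /* element runs past the end of the frame body */
        const uint8_t *body = buf + pos + 2;
        if (eid == EID_MESH_ID) {
            out->mesh_id = body;
            out->mesh_id_len = elen;
        } else if (eid == EID_MESH_CONFIG) {
            out->mesh_config = body;
            out->mesh_config_len = elen;
        }
        pos += 2 + elen;
    }
    return pos == len;
}

/* Local mesh profile the frame is compared against (constructed for the example). */
struct local_mesh {
    uint8_t mesh_id[32];
    size_t  mesh_id_len;
    uint8_t config[7];   /* the Mesh Configuration element body is 7 octets */
};

/* Hardened matcher: every element pointer is checked before it is used.
 * A frame carrying a Mesh ID but no Mesh Configuration is reported as
 * "no match" instead of dereferencing NULL. */
bool mesh_matches_local_safe(const struct parsed_ies *ies, const struct local_mesh *local)
{
    if (ies->mesh_id == NULL || ies->mesh_config == NULL)
        return false;
    if (ies->mesh_id_len != local->mesh_id_len ||
        memcmp(ies->mesh_id, local->mesh_id, local->mesh_id_len) != 0)
        return false;
    if (ies->mesh_config_len != sizeof(local->config))
        return false;
    return memcmp(ies->mesh_config, local->config, sizeof(local->config)) == 0;
}

/* Constructed sample element lists (not captured traffic). */
static const uint8_t FRAME_OK[] = {
    EID_MESH_ID, 4, 'm', 'e', 's', 'h',
    EID_MESH_CONFIG, 7, 1, 1, 0, 1, 0, 0, 0
};
static const uint8_t FRAME_NO_CONFIG[] = {   /* valid Mesh ID, Mesh Configuration omitted */
    EID_MESH_ID, 4, 'm', 'e', 's', 'h'
};
static const uint8_t FRAME_TRUNCATED[] = {   /* length byte points past the buffer */
    EID_MESH_ID, 9, 'm', 'e'
};

/* Returns 1 for a match, 0 for no match, -1 for a malformed element list. */
int check_frame(const uint8_t *buf, size_t len)
{
    struct local_mesh local = {
        .mesh_id = { 'm', 'e', 's', 'h' }, .mesh_id_len = 4,
        .config = { 1, 1, 0, 1, 0, 0, 0 }
    };
    struct parsed_ies ies;
    if (!parse_ies(buf, len, &ies))
        return -1;
    return mesh_matches_local_safe(&ies, &local) ? 1 : 0;
}

int check_ok(void)        { return check_frame(FRAME_OK, sizeof FRAME_OK); }
int check_no_config(void) { return check_frame(FRAME_NO_CONFIG, sizeof FRAME_NO_CONFIG); }
int check_truncated(void) { return check_frame(FRAME_TRUNCATED, sizeof FRAME_TRUNCATED); }
```

The point of the example is the first line of mesh_matches_local_safe(): because the parser reports an absent element as NULL, any consumer that compares element contents has to treat NULL as "does not match" rather than assume the element is present. Without that check, the second sample frame would be the crash case the advisory describes.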


Remediation

Install security update from vendor's repository.

External links