PatchSiren cyber security CVE debrief
CVE-2026-23019 Linux CVE debrief
A NULL pointer dereference vulnerability was found in the Linux kernel's Marvell Prestera driver. The vulnerability occurs when the devlink_alloc() function returns NULL, but the prestera_devlink_alloc() function unconditionally calls devlink_priv() on the returned pointer, leading to a NULL pointer dereference. This vulnerability affects Linux kernel versions 5.10.1 to 5.15.198, 5.16 to 6.1.161, 6.2 to 6.6.121, 6.7 to 6.12.66, and 6.13 to 6.18.6. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. Limited evidence suggests that this vulnerability may be exploited in the wild, but defenders should verify affected deployments and review system logs for signs of exploitation.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-01-31
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-01-31
- Advisory updated
- 2026-07-14
Who should care
Linux kernel developers and users who rely on the Marvell Prestera driver should be aware of this vulnerability and take steps to mitigate it. This includes applying the available patches to fix the vulnerability, using a supported Linux kernel version that includes the fix, and monitoring system logs for signs of exploitation.
Technical summary
The vulnerability is caused by a NULL pointer dereference in the prestera_devlink_alloc() function. The devlink_alloc() function may return NULL on allocation failure, but the prestera_devlink_alloc() function does not check for this condition before calling devlink_priv() on the returned pointer. This can lead to a NULL pointer dereference and a system crash. The affected versions of the Linux kernel are 5.10.1 to 5.15.198, 5.16 to 6.1.161, 6.2 to 6.6.121, 6.7 to 6.12.66, and 6.13 to 6.18.6.
Defensive priority
Medium-High
Recommended defensive actions
- Apply the available patches to fix the vulnerability
- Use a supported Linux kernel version that includes the fix
- Monitor system logs for signs of exploitation
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The vulnerability was resolved in the Linux kernel through a series of patches. Limited evidence suggests that this vulnerability may be exploited in the wild, but defenders should verify affected deployments and review system logs for signs of exploitation. Additional verification is recommended due to limited source detail.
Official resources
-
CVE-2026-23019 CVE record
CVE.org
-
CVE-2026-23019 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Source reference
0b142b55-0307-4c5a-b3c9-f314f3fb7c5e
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-01-31T12:16:05.207Z and has not been modified since then.