PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23279 Linux CVE debrief

CVE-2026-23279 is a Linux kernel mac80211 bug that can crash systems using 802.11s mesh networking. A crafted Spectrum Management / Channel Switch action frame that matches the local Mesh ID and Mesh Configuration but omits the Mesh Channel Switch Parameters IE can trigger a NULL pointer dereference in mesh_rx_csa_frame(). The impact is denial of service through a kernel oops/panic risk, not code execution, based on the supplied record.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-25
Original CVE updated
2026-05-22
Advisory published
2026-03-25
Advisory updated
2026-05-22

Who should care

Linux kernel maintainers, distribution security teams, and operators of systems that use Wi‑Fi mesh (802.11s) or mac80211-based wireless stacks should prioritize this issue. It is especially relevant for devices that accept peer links in mesh mode and may receive untrusted management frames from adjacent wireless peers.

Technical summary

According to the CVE record, mesh_rx_csa_frame() dereferences elems->mesh_chansw_params_ie without checking for NULL after mesh_matches_local() validates only the Mesh ID, Mesh Configuration, and Supported Rates IEs. If ieee802_11_parse_elems() does not find the Mesh Channel Switch Parameters IE (element ID 118), the pointer remains NULL and the unconditional access causes a NULL pointer dereference. The described trigger requires an established mesh peer link (PLINK_ESTAB) and a crafted SPECTRUM_MGMT/CHL_SWITCH action frame that omits the parameter IE while still matching the local mesh identifiers.

Defensive priority

Medium

Recommended defensive actions

  • Apply the Linux kernel patches referenced in the NVD record and your distribution's backport updates.
  • Prioritize updates on hosts that use 802.11s mesh or mac80211 mesh peering features.
  • Verify whether your deployed kernel version falls within the affected ranges listed by NVD, including the version branches starting at 3.13 and the 7.0-rc1 line.
  • Treat unexpected kernel oopses or reboots in mesh environments as a security signal and review logs for mac80211-related crashes.
  • If mesh networking is not required, disable or restrict mesh functionality to reduce exposure.

Evidence notes

The CVE description states that elems->mesh_chansw_params_ie is dereferenced in mesh_rx_csa_frame() without a prior NULL check, and that ieee802_11_parse_elems() leaves the pointer NULL when the Mesh Channel Switch Parameters IE is omitted. The supplied NVD record classifies the weakness as CWE-476 and provides patch references on git.kernel.org. The record also lists affected Linux kernel version ranges and a CVSS v3.1 vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Official resources

CVE published: 2026-03-25T11:16:22.333Z. CVE modified: 2026-05-22T00:37:25.830Z. This debrief uses the published and modified timestamps supplied in the source record.