PatchSiren cyber security CVE debrief
CVE-2026-23438 Linux CVE debrief
A NULL pointer dereference vulnerability was found in the Linux kernel's mvpp2 driver. The vulnerability occurs when the CM3 SRAM resource is not present in the device tree, causing the priv->cm3_base to remain NULL and priv->global_tx_fc to be false. This can lead to a crash when the mvpp2_bm_switch_buffers() function is triggered, for example, by an MTU change that crosses the jumbo frame threshold. The fix is to add a priv->global_tx_fc guard to both the disable and re-enable calls in mvpp2_bm_switch_buffers(), consistent with the rest of the driver. Users of Linux kernel versions 5.12.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.20, 6.19 to 6.19.10, and 7.0 rc1 to rc7 should apply patches to mitigate this vulnerability.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-04-03
- Original CVE updated
- 2026-07-14
- Advisory published
- 2026-04-03
- Advisory updated
- 2026-07-14
Who should care
Users of Linux kernel versions 5.12.1 to 5.15.203, 5.16 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.20, 6.19 to 6.19.10, and 7.0 rc1 to rc7 should apply patches to mitigate this vulnerability. System administrators and security teams responsible for Linux kernel-based systems should review their deployments and apply the necessary patches.
Technical summary
The mvpp2_bm_switch_buffers() function unconditionally calls mvpp2_bm_pool_update_priv_fc() when switching between per-cpu and shared buffer pool modes. However, this function does not check if priv->cm3_base is NULL before dereferencing it, leading to a NULL pointer dereference. The fix is to add a priv->global_tx_fc guard to both the disable and re-enable calls in mvpp2_bm_switch_buffers(), consistent with the rest of the driver. This fix prevents the NULL pointer dereference and ensures the stability of the Linux kernel.
Defensive priority
Medium
Recommended defensive actions
- Apply patches from Linux kernel stable branches
- Inventory and update affected Linux kernel versions
- Monitor for MTU changes that may trigger the vulnerability
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-04-03T16:16:25.540Z and last modified on 2026-07-14T13:18:34.257Z. The NVD entry is currently Modified. The Linux kernel's mvpp2 driver has a NULL pointer dereference vulnerability when the CM3 SRAM resource is not present in the device tree. This can cause a crash when the mvpp2_bm_switch_buffers() function is triggered. Users should verify their Linux kernel versions and apply patches if necessary.
Official resources
-
CVE-2026-23438 CVE record
CVE.org
-
CVE-2026-23438 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
-
Mitigation or vendor reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67 - Patch
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-04-03T16:16:25.540Z and has not been modified since then.