CVE-2026-23017
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-01-31

Last updated on: 2026-03-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset will result in a crash as the service task attempts to access uninitialized resources. Following trace is from an error in the init_task where the CREATE_VPORT (op 501) is rejected by the FW: [40922.763136] idpf 0000:83:00.0: Device HW Reset initiated [40924.449797] idpf 0000:83:00.0: Transaction failed (op 501) [40958.148190] idpf 0000:83:00.0: HW reset detected [40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8 ... [40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf] [40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf] ... [40958.177932] Call Trace: [40958.178491] <TASK> [40958.179040] process_one_work+0x226/0x6d0 [40958.179609] worker_thread+0x19e/0x340 [40958.180158] ? __pfx_worker_thread+0x10/0x10 [40958.180702] kthread+0x10f/0x250 [40958.181238] ? __pfx_kthread+0x10/0x10 [40958.181774] ret_from_fork+0x251/0x2b0 [40958.182307] ? __pfx_kthread+0x10/0x10 [40958.182834] ret_from_fork_asm+0x1a/0x30 [40958.183370] </TASK> Fix the error handling in the init_task to make sure the service and mailbox tasks are disabled if the error happens during load. These are started in idpf_vc_core_init(), which spawns the init_task and has no way of knowing if it failed. If the error happens on reset, following successful driver load, the tasks can still run, as that will allow the netdevs to attempt recovery through another reset. Stop the PTP callbacks either way as those will be restarted by the call to idpf_vc_core_init() during a successful reset.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-31
Last Modified
2026-03-25
Generated
2026-05-27
AI Q&A
2026-01-31
EPSS Evaluated
2026-05-25
NVD
CVE-2026-23017
EUVD
EUVD-2026-5077
Affected Vendors & Products
Showing 10 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.7
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.7.1 (inc) to 6.18.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's idpf driver. If the init_task fails during driver load, the system ends up without virtual ports (vports) and network devices (netdevs), causing the entire process to fail. Later, if a reset occurs, the service task tries to access uninitialized resources, leading to a kernel crash due to a NULL pointer dereference. The fix involves improving error handling in the init_task to disable service and mailbox tasks if an error occurs during load, preventing the crash.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash during a reset if the driver initialization fails, leading to system instability or downtime. This could disrupt network functionality since virtual ports and network devices may not be properly initialized, potentially impacting services relying on network connectivity.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring kernel logs for specific error messages related to the idpf driver. Look for messages indicating device hardware reset, transaction failures (op 501), and kernel NULL pointer dereferences involving idpf_vc_event_task. For example, use the command 'dmesg | grep idpf' to check for relevant error traces such as 'Device HW Reset initiated', 'Transaction failed (op 501)', and 'BUG: kernel NULL pointer dereference'.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves ensuring that the Linux kernel is updated with the fix that corrects error handling in the init_task during idpf driver load. This fix disables service and mailbox tasks if an error occurs during load, preventing crashes on reset. Until the fix is applied, monitor for the described error conditions and avoid triggering resets that could cause crashes. Restarting the idpf_vc_core_init() process after a successful reset will also help by restarting PTP callbacks safely.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart