CVE-2026-23084
Unknown Unknown - Not Provided
NULL Pointer Dereference in Linux be2net Driver Network Component

Publication date: 2026-02-04

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is set to false, the driver may request the PMAC_ID from the firmware of the network card, and this function will store that PMAC_ID at the provided address pmac_id. This is the contract of this function. However, there is a location within the driver where both pmac_id_valid == false and pmac_id == NULL are being passed. This could result in dereferencing a NULL pointer. To resolve this issue, it is necessary to pass the address of a stub variable to the function.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-04
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23084
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 5.11 (inc) to 5.15.199 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.162 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.122 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.68 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.8 (exc)
linux linux_kernel 6.19
linux linux_kernel From 3.12 (inc) to 5.10.249 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's be2net driver. Specifically, it involves the function be_cmd_get_mac_from_list(). When the parameter pmac_id_valid is set to false, the function requests a PMAC_ID from the network card's firmware and stores it at the address provided by pmac_id. However, there is a flaw where the function is called with pmac_id_valid set to false and pmac_id set to NULL, which leads to a NULL pointer dereference.

Dereferencing a NULL pointer can cause the system to crash or behave unpredictably. The fix involves passing the address of a stub variable instead of NULL to prevent this issue.

Impact Analysis

This vulnerability can cause a NULL pointer dereference in the Linux kernel driver, which may lead to system crashes or instability. Such crashes can result in denial of service, affecting the availability of the affected system or network device.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23084. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart