CVE-2026-23183
Unknown Unknown - Not Provided
NULL Pointer Dereference in Linux Kernel cgroup/dmem Component

Publication date: 2026-02-14

Last updated on: 2026-02-14

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 15 UID: 0 PID: 658 Comm: bash Tainted: 6.19.0-rc6-next-2026012 Tainted: [O]=OOT_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), RIP: 0010:strcmp+0x10/0x30 RSP: 0018:ffffc900017f7dc0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888107cd4358 RDX: 0000000019f73907 RSI: ffffffff82cc381a RDI: 0000000000000000 RBP: ffff8881016bef0d R08: 000000006c0e7145 R09: 0000000056c0e714 R10: 0000000000000001 R11: ffff888107cd4358 R12: 0007ffffffffffff R13: ffff888101399200 R14: ffff888100fcb360 R15: 0007ffffffffffff CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000105c79000 CR4: 00000000000006f0 Call Trace: <TASK> dmemcg_limit_write.constprop.0+0x16d/0x390 ? __pfx_set_resource_max+0x10/0x10 kernfs_fop_write_iter+0x14e/0x200 vfs_write+0x367/0x510 ksys_write+0x66/0xe0 do_syscall_64+0x6b/0x390 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f42697e1887 It was trriggered setting max without limitation, the command is like: "echo test/region0 > dmem.max". To fix this issue, add check whether options is valid after parsing the region_name.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-02-14
Generated
2026-05-27
AI Q&A
2026-02-14
EPSS Evaluated
2026-05-25
NVD
CVE-2026-23183
EUVD
EUVD-2026-5857
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.19.0-rc6-next-2026012
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's cgroup/dmem subsystem. It is caused by a NULL pointer dereference when setting the maximum limit (max) for a memory region. Specifically, the issue occurs when an invalid or missing check on the options after parsing the region name allows a NULL pointer to be dereferenced, leading to a kernel crash (BUG: kernel NULL pointer dereference).

The problem was triggered by commands like "echo test/region0 > dmem.max" without proper validation, causing the kernel to attempt to access memory at address 0x0, which is invalid.

The fix involved adding a check to ensure the options are valid after parsing the region name to prevent the NULL pointer dereference.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference, resulting in a denial of service (DoS) condition. An attacker or user with the ability to set memory cgroup limits could exploit this to crash the system or cause instability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is triggered by a NULL pointer dereference in the Linux kernel when setting the max value in cgroup/dmem. It can be detected by observing kernel oops messages or crashes related to NULL pointer dereferences in the cgroup/dmem subsystem.

A specific command that may trigger the issue is writing to the dmem.max file, for example:

  • echo test/region0 > dmem.max

Monitoring kernel logs (e.g., using dmesg or journalctl) for messages similar to the provided kernel oops trace can help detect if the vulnerability has been triggered.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the Linux kernel is updated to a version where the fix has been applied. The fix involves adding a check to validate options after parsing the region_name to prevent NULL pointer dereference.

Until the kernel is updated, avoid setting the max value in cgroup/dmem with invalid or unvalidated inputs, such as using commands like "echo test/region0 > dmem.max".


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart