CVE-2026-23433
Received Received - Intake

Null Pointer Dereference in Linux arm_mpam Bandwidth Counters

Vulnerability report for CVE-2026-23433, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-03

Last updated on: 2026-04-23

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpam_restore_mbwu_state() calls __ris_msmon_read() via ipi to restore the configuration of the bandwidth counters. It doesn't care about the value read, mbwu_arg.val, and doesn't set it leading to a null pointer dereference when __ris_msmon_read() adds to it. This results in a kernel oops with a call trace such as: Call trace: __ris_msmon_read+0x19c/0x64c (P) mpam_restore_mbwu_state+0xa0/0xe8 smp_call_on_cpu_callback+0x1c/0x38 process_one_work+0x154/0x4b4 worker_thread+0x188/0x310 kthread+0x11c/0x130 ret_from_fork+0x10/0x20 Provide a local variable for val to avoid __ris_msmon_read() dereferencing a null pointer when adding to val.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-03
Last Modified
2026-04-23
Generated
2026-07-06
AI Q&A
2026-04-03
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 6.19
linux linux_kernel From 6.19.1 (inc) to 6.19.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's arm_mpam component, which handles memory bandwidth monitoring. When a memory system controller (MSC) that supports bandwidth monitoring is taken offline and then brought back online, a function called mpam_restore_mbwu_state() attempts to restore bandwidth counter configurations by calling __ris_msmon_read(). However, it does not properly initialize a local variable (mbwu_arg.val) before passing it, leading to a null pointer dereference inside __ris_msmon_read(). This causes a kernel crash (kernel oops) with a specific call trace.

Impact Analysis

The vulnerability can cause the Linux kernel to crash unexpectedly due to a null pointer dereference. This kernel oops can lead to system instability, potential denial of service, and interruption of normal operations on affected systems using the arm_mpam memory bandwidth monitoring feature.

Detection Guidance

This vulnerability results in a kernel oops caused by a null pointer dereference in the Linux kernel when restoring memory bandwidth counters. Detection would involve monitoring for kernel oops messages or call traces related to __ris_msmon_read and mpam_restore_mbwu_state.

  • Check the kernel logs (e.g., using dmesg) for oops messages or call traces containing __ris_msmon_read and mpam_restore_mbwu_state.
  • Use the command: dmesg | grep -E '__ris_msmon_read|mpam_restore_mbwu_state' to filter relevant kernel messages.
  • Monitor system stability for unexpected kernel crashes or oops events related to memory bandwidth monitoring.
Mitigation Strategies

The vulnerability has been resolved by providing a local variable to avoid null pointer dereference in the kernel code. Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.

  • Apply the latest Linux kernel updates or patches that address this specific issue.
  • If updating immediately is not possible, consider disabling memory bandwidth monitoring features (MSC) temporarily to avoid triggering the vulnerable code path.
  • Monitor kernel logs for related errors and avoid bringing MSC offline and online until patched.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart