CVE-2026-23433
Received Received - Intake
Null Pointer Dereference in Linux arm_mpam Bandwidth Counters

Publication date: 2026-04-03

Last updated on: 2026-04-23

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpam_restore_mbwu_state() calls __ris_msmon_read() via ipi to restore the configuration of the bandwidth counters. It doesn't care about the value read, mbwu_arg.val, and doesn't set it leading to a null pointer dereference when __ris_msmon_read() adds to it. This results in a kernel oops with a call trace such as: Call trace: __ris_msmon_read+0x19c/0x64c (P) mpam_restore_mbwu_state+0xa0/0xe8 smp_call_on_cpu_callback+0x1c/0x38 process_one_work+0x154/0x4b4 worker_thread+0x188/0x310 kthread+0x11c/0x130 ret_from_fork+0x10/0x20 Provide a local variable for val to avoid __ris_msmon_read() dereferencing a null pointer when adding to val.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-03
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2026-04-03
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23433
EUVD
EUVD-2026-18671
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 6.19
linux linux_kernel From 6.19.1 (inc) to 6.19.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's arm_mpam component, which handles memory bandwidth monitoring. When a memory system controller (MSC) that supports bandwidth monitoring is taken offline and then brought back online, a function called mpam_restore_mbwu_state() attempts to restore bandwidth counter configurations by calling __ris_msmon_read(). However, it does not properly initialize a local variable (mbwu_arg.val) before passing it, leading to a null pointer dereference inside __ris_msmon_read(). This causes a kernel crash (kernel oops) with a specific call trace.

Impact Analysis

The vulnerability can cause the Linux kernel to crash unexpectedly due to a null pointer dereference. This kernel oops can lead to system instability, potential denial of service, and interruption of normal operations on affected systems using the arm_mpam memory bandwidth monitoring feature.

Detection Guidance

This vulnerability results in a kernel oops caused by a null pointer dereference in the Linux kernel when restoring memory bandwidth counters. Detection would involve monitoring for kernel oops messages or call traces related to __ris_msmon_read and mpam_restore_mbwu_state.

  • Check the kernel logs (e.g., using dmesg) for oops messages or call traces containing __ris_msmon_read and mpam_restore_mbwu_state.
  • Use the command: dmesg | grep -E '__ris_msmon_read|mpam_restore_mbwu_state' to filter relevant kernel messages.
  • Monitor system stability for unexpected kernel crashes or oops events related to memory bandwidth monitoring.
Mitigation Strategies

The vulnerability has been resolved by providing a local variable to avoid null pointer dereference in the kernel code. Immediate mitigation steps include updating the Linux kernel to a version that contains this fix.

  • Apply the latest Linux kernel updates or patches that address this specific issue.
  • If updating immediately is not possible, consider disabling memory bandwidth monitoring features (MSC) temporarily to avoid triggering the vulnerable code path.
  • Monitor kernel logs for related errors and avoid bringing MSC offline and online until patched.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23433. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart