PT-2026-27644 · Linux · Linux Kernel

Jann Horn · Published 2026-01-01 · Updated 2026-05-22 · CVE-2026-23279

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 3.13 through 6.17.0-5

Description

A flaw exists in the Linux kernel's mac80211 module related to handling of mesh networking frames. Specifically, a NULL pointer dereference can occur in the mesh_rx_csa_frame() function when processing SPECTRUM_MGMT/CHL_SWITCH action frames. This happens when a received CSA action frame lacks the Mesh Channel Switch Parameters IE, causing ieee802_11_parse_elems() to set elems->mesh_chansw_params_ie to NULL. Subsequently, the code attempts to dereference this NULL pointer at lines 1638 and 1642, leading to a kernel crash. A remote mesh peer with an established peer link (PLINK_ESTAB) can trigger this by sending a crafted frame. The issue has been present since kernel version 3.13.

Recommendations

Update the Linux kernel to a version beyond 6.17.0-5.
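The defect class described above, as an added user-space example (not kernel code and not the upstream fix): an element parser leaves its result NULL when the Mesh Channel Switch Parameters element is absent, and the handler checks for that before reading any field. The function names, the TTL handling and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EID_MESH_CHANSW_PARAMS 118  /* Mesh Channel Switch Parameters element ID */
#define MESH_CHANSW_PARAMS_LEN 6    /* ttl, flags, reason (2), precedence (2) */

/* Simplified stand-in for the parser: walk id/len/value elements and return
 * a pointer to the Mesh Channel Switch Parameters body, or NULL when the
 * element is absent, wrongly sized, or the buffer is malformed. */
static const uint8_t *find_mesh_chansw(const uint8_t *buf, size_t len)
{
    const uint8_t *found = NULL;
    size_t pos = 0;
    while (pos < len) {
        if (len - pos < 2)
            return NULL;                       /* truncated element header */
        uint8_t id = buf[pos], elen = buf[pos + 1];
        if ((size_t)elen > len - pos - 2)
            return NULL;                       /* body runs past the buffer */
        if (id == EID_MESH_CHANSW_PARAMS && elen == MESH_CHANSW_PARAMS_LEN)
            found = &buf[pos + 2];
        pos += 2 + (size_t)elen;
    }
    return found;
}

/* Hypothetical handler: returns the TTL to forward with, or -1 when the
 * frame is rejected or must not be forwarded. */
static int handle_mesh_csa(const uint8_t *buf, size_t len)
{
    const uint8_t *params = find_mesh_chansw(buf, len);
    if (!params)            /* presence check before any field access */
        return -1;
    if (params[0] <= 1)     /* TTL exhausted: do not forward */
        return -1;
    return params[0] - 1;
}

/* Constructed sample element bodies, not captured traffic. */
static const uint8_t frame_ok[] = { 37, 3, 1, 11, 5, 118, 6, 4, 0, 0, 0, 1, 0 };
static const uint8_t frame_no_mesh_ie[] = { 37, 3, 1, 11, 5 };

int main(void)
{
    printf("complete: %d\n", handle_mesh_csa(frame_ok, sizeof frame_ok));
    printf("IE missing: %d\n", handle_mesh_csa(frame_no_mesh_ie, sizeof frame_no_mesh_ie));
    return 0;
}
```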

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-23279
ECHO-1119-E7BA-6917
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1

Affected Products

Linux Kernel