CVE-2026-23396

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the mac80211 component, specifically in the mesh matches local() function. This function unconditionally dereferences ie->mesh config to compare mesh configuration parameters. When called from mesh rx csa frame(), the parsed action-frame elements may lack a Mesh Configuration IE, resulting in a kernel NULL pointer dereference. An attacker in close proximity can exploit this by sending a specially crafted CSA action frame that includes a valid Mesh ID IE but omits the Mesh Configuration IE, leading to a kernel crash. The function mesh matches local() is vulnerable. The ie->mesh config variable is dereferenced without proper checks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.