CVE-2026-23438

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel's networking subsystem, specifically within the mvpp2 module. The mvpp2 bm switch buffers() function does not properly check for a NULL pointer in priv->cm3 base when switching between per-cpu and shared buffer pool modes. This can lead to a kernel crash if the CM3 SRAM resource is not present in the device tree. The issue occurs when operations trigger mvpp2 bm switch buffers(), such as an MTU change that crosses the jumbo frame threshold. The function unconditionally calls mvpp2 bm pool update priv fc() without validating priv->cm3 base, resulting in a NULL pointer dereference.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.