CVE-2026-23000

CVSS v2.0

6.0

Medium

Vector

AV:L/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw within the mlx5e netdev change profile function. A failure to attach a new profile during a profile change rollback can lead to a dangling netdev with a reset netdev priv. Subsequent attempts to change the profile, such as through switchdev mode changes, can then cause a kernel crash due to accessing a NULL pointer. The issue occurs when the function fails to rollback to the original profile, resulting in an invalid priv pointer. The fix involves handling previous failures and empty priv values within mlx5e netdev change profile, and passing netdev and mdev to all flows requiring the function, avoiding the use of priv.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-77343

AZL-78324

BDU:2026-01055

CVE-2026-23000

ECHO-9AB4-587B-35DE

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linux Kernel

Ubuntu

Mlx5E

CVE-2026-23000

Weakness Enumeration

Related Identifiers

Affected Products

References · 1938