CVE-2026-23017

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel’s idpf driver related to error handling within the init task during driver loading. If the init task fails, the system may lack necessary virtual ports and network devices, leading to a crash upon subsequent reset attempts as the service task attempts to access uninitialized resources. The issue manifests as a kernel NULL pointer dereference when the CREATE VPORT operation (op 501) is rejected by the firmware. The fix involves improving error handling in the init task to disable service and mailbox tasks if an error occurs during loading. The PTP callbacks are also stopped to prevent issues during a successful reset. The vulnerable function is idpf vc event task.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.