CVE-2026-23035

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0-rc5+ #115

Description The Linux kernel contains a flaw in the mlx5e network driver. Specifically, the mlx5e priv structure, which is unstable, could be cleared if profile attachment failed. This issue occurs because the netdev pointer was not correctly passed to the mlx5e destroy netdev() function. This could lead to a kernel oops during mlx5e remove when switchdev mode fails due to profile change failures. The issue manifests as a kernel NULL pointer dereference within the mlx5e dcbnl dscp app function.

Recommendations Update to Linux kernel version 6.18.0-rc5+ #115 or a later version to resolve this issue.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-77232

CVE-2026-23035

ECHO-6DB1-1721-0288

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

OPENSUSE-SU-2026:20416-1

SUSE-SU-2026:0962-1

SUSE-SU-2026:1081-1

SUSE-SU-2026:20667-1

SUSE-SU-2026:20720-1

SUSE-SU-2026:20838-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

SUSE-SU-2026:20931-1

SUSE-SU-2026:21284-1

USN-8278-1

USN-8289-1

USN-8296-1

Affected Products

Linux Kernel

Ubuntu

Mlx5E

CVE-2026-23035

Related Identifiers

Affected Products

References · 1905