CVE-2026-23041

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19-rc3

Description The Broadcom network driver in the Linux kernel contains a flaw related to PTP (Precision Time Protocol) handling. Specifically, a NULL pointer dereference can occur in the bnxt ptp enable() function during error cleanup when bnxt init one() fails. This happens because the hardware resource DMA pool is freed before the PTP clock is unregistered, leading to a crash when attempting to allocate memory from the freed pool. The issue stems from the order of operations during error handling, where PTP events are disabled after the DMA pool has been destroyed.

Recommendations Update to a version of the Linux kernel that is later than 6.19-rc3.