PT-2026-6140 · Unknown+1 · Octeontx2-Af+1

Published 2026-01-01 · Updated 2026-03-26 · CVE-2026-23070

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 6.19.0-rc5-00154-g76ec646abdf7-dirty through 6.19.0-rc5-00154-g76ec646abdf7-dirty

Description

The Linux kernel contains a flaw related to insufficient checks for firmware data (fwdata) in the Octeontx2-af driver. Specifically, the firmware populates MAC address, link modes, and EEPROM data into a shared structure accessible by the kernel via the MAC block (CGX/RPM). Accessing this fwdata on systems booted without a MAC block can lead to kernel panics. The issue occurs during the rvu sdp init function and is triggered when accessing fwdata without proper validation.

Recommendations

Linux kernel version 6.19.0-rc5-00154-g76ec646abdf7-dirty: Update to a newer version of the Linux kernel that includes the fix for this issue.

Related Identifiers

CVE-2026-23070
OPENSUSE-SU-2026:20416-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20838-1
SUSE-SU-2026:20931-1
SUSE-SU-2026:21284-1

Affected Products

Linux Kernel
Octeontx2-Af