Null Pointer Dereference Vulnerability in Linux Kernel Affects Wireless Mesh Configuration
CVE-2026-23396

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
26 March 2026

What is CVE-2026-23396?

A vulnerability in the Linux Kernel's mac80211 subsystem can lead to a null pointer dereference when processing certain mesh configuration parameters. Specifically, the function mesh_matches_local() fails to check for the presence of the Mesh Configuration Information Element (IE) before usage, potentially allowing an adjacent attacker to exploit this by sending a crafted CSA action frame. This can cause the kernel to crash, resulting in system instability. To resolve this issue, a NULL check has been added to prevent dereferencing a null pointer, enhancing the security and robustness of the networking stack.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 2e3c8736820bf72a8ad10721c7e31d36d4fa7790

Linux 2e3c8736820bf72a8ad10721c7e31d36d4fa7790 < 0a4da176ae4b4e075a19c00d3e269cfd5e05a813

Linux 2e3c8736820bf72a8ad10721c7e31d36d4fa7790

References

https://git.kernel.org/stable/c/c1e3f2416fb27c816ce96d747...
https://git.kernel.org/stable/c/0a4da176ae4b4e075a19c00d3...
https://git.kernel.org/stable/c/a90279e7f7ea0b7e923a1c5eb...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.