Vulnerability-Lookup

CVE-2026-23041 (GCVE-0-2026-23041)

Vulnerability from cvelistv5 – Published: 2026-02-04 16:00 – Updated: 2026-02-09 08:37

Title

bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup

Summary

In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called, which invokes ptp_clock_unregister(). Since commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events"), ptp_clock_unregister() now calls ptp_disable_all_events(), which in turn invokes the driver's .enable() callback (bnxt_ptp_enable()) to disable PTP events before completing the unregistration. bnxt_ptp_enable() attempts to send HWRM commands via bnxt_ptp_cfg_pin() and bnxt_ptp_cfg_event(), both of which call hwrm_req_init(). This function tries to allocate from bp->hwrm_dma_pool, causing a NULL pointer dereference: bnxt_en 0000:01:00.0 (unnamed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] Call Trace: __hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72) bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517) ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66) ptp_clock_unregister (drivers/ptp/ptp_clock.c:518) bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134) bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889) Lines are against commit f8f9c1f4d0c7 ("Linux 6.19-rc3") Fix this by clearing and unregistering ptp (bnxt_ptp_clear()) before freeing HWRM resources.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

WID-SEC-W-2026-0324

Vulnerability from csaf_certbund - Published: 2026-02-04 23:00 - Updated: 2026-02-23 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0324 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0324.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0324 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0324"
      },
      {
        "category": "external",
        "summary": "Kernel CVE Announce Mailingliste",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71192",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2025-71192-3370@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71193",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2025-71193-288d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71194",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020448-CVE-2025-71194-1108@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71195",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2025-71195-8c0c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71196",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2025-71196-cf4b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71197",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71197-cfe2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71198",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71198-3572@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2025-71199",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71199-9a60@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23040",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2026-23040-1980@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23041",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2026-23041-a426@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23042",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2026-23042-ce47@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23043",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2026-23043-4975@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23044",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2026-23044-3312@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23045",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23045-103a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23046",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23046-8bdb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23047",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23047-38d4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23048",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020441-CVE-2026-23048-f1cc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23049",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2026-23049-9298@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23050",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23050-378c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23051",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23051-7ad8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23052",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23052-340f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23053",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23053-f630@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23054",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23054-3712@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23055",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23055-3f25@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23056",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020413-CVE-2026-23056-ddc8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23057",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020413-CVE-2026-23057-03eb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23058",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020414-CVE-2026-23058-802c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23059",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020414-CVE-2026-23059-152f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23060",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020414-CVE-2026-23060-6a41@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23061",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23061-31be@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23062",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23062-991d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23063",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23063-d727@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23064",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23064-8eec@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23065",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23065-f6ae@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23066",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23066-8e44@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23067",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23067-b41f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23068",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23068-0852@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23069",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23069-d026@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23070",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23070-2fcd@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23071",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23071-675b@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23072",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23072-916e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23073",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23073-9fce@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23074",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23075",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23075-0aef@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23076",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23076-b054@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23077",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23077-6880@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23078",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23078-61cc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23079",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23079-bb7e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23080",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23080-74d1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23081",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23081-5494@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23082",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23082-7bc8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23083",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23083-8968@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23084",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23084-8073@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23085",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23085-14e2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23086",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23086-9ad9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23087",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23087-f17e@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23088",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020424-CVE-2026-23088-e0da@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23089",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020424-CVE-2026-23089-760f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23090",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23090-2971@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23091",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23091-4580@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23092",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23092-fc15@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23093",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23093-db0d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23094",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23094-9cb7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23095",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23095-66e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23096",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23096-e5af@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23097",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23097-a591@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23098",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23098-1fd2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23099",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23099-a393@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23100",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23100-b482@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23101",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23101-47e0@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23102",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020429-CVE-2026-23102-bafe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23103",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020429-CVE-2026-23103-63b3@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23104",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020429-CVE-2026-23104-3802@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23105",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23105-1d6d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23106",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23106-3edb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23107",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23107-50d8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23108",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23108-0550@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23109",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23109-3e57@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux Kernel CVE Announcement CVE-2026-23110",
        "url": "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23110-56b1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6126 vom 2026-02-09",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00035.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-6127 vom 2026-02-10",
        "url": "https://lists.debian.org/debian-security-announce/2026/msg00036.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4476 vom 2026-02-11",
        "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00017.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-4475 vom 2026-02-11",
        "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00016.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-113 vom 2026-02-19",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-113.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3083 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3083"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:3110 vom 2026-02-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:3110"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-02-23T23:00:00.000+00:00",
      "generator": {
        "date": "2026-02-24T08:42:29.427+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0324",
      "initial_release_date": "2026-02-04T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-02-04T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-02-09T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-02-11T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2026-02-18T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-02-23T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T050562",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-71192",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71192"
    },
    {
      "cve": "CVE-2025-71193",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71193"
    },
    {
      "cve": "CVE-2025-71194",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71194"
    },
    {
      "cve": "CVE-2025-71195",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71195"
    },
    {
      "cve": "CVE-2025-71196",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71196"
    },
    {
      "cve": "CVE-2025-71197",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71197"
    },
    {
      "cve": "CVE-2025-71198",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71198"
    },
    {
      "cve": "CVE-2025-71199",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2025-71199"
    },
    {
      "cve": "CVE-2026-23040",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23040"
    },
    {
      "cve": "CVE-2026-23041",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23041"
    },
    {
      "cve": "CVE-2026-23042",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23042"
    },
    {
      "cve": "CVE-2026-23043",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23043"
    },
    {
      "cve": "CVE-2026-23044",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23044"
    },
    {
      "cve": "CVE-2026-23045",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23045"
    },
    {
      "cve": "CVE-2026-23046",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23046"
    },
    {
      "cve": "CVE-2026-23047",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23047"
    },
    {
      "cve": "CVE-2026-23048",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23048"
    },
    {
      "cve": "CVE-2026-23049",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23049"
    },
    {
      "cve": "CVE-2026-23050",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23050"
    },
    {
      "cve": "CVE-2026-23051",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23051"
    },
    {
      "cve": "CVE-2026-23052",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23052"
    },
    {
      "cve": "CVE-2026-23053",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23053"
    },
    {
      "cve": "CVE-2026-23054",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23054"
    },
    {
      "cve": "CVE-2026-23055",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23055"
    },
    {
      "cve": "CVE-2026-23056",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23056"
    },
    {
      "cve": "CVE-2026-23057",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23057"
    },
    {
      "cve": "CVE-2026-23058",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23058"
    },
    {
      "cve": "CVE-2026-23059",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23059"
    },
    {
      "cve": "CVE-2026-23060",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23060"
    },
    {
      "cve": "CVE-2026-23061",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23061"
    },
    {
      "cve": "CVE-2026-23062",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23062"
    },
    {
      "cve": "CVE-2026-23063",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23063"
    },
    {
      "cve": "CVE-2026-23064",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23064"
    },
    {
      "cve": "CVE-2026-23065",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23065"
    },
    {
      "cve": "CVE-2026-23066",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23066"
    },
    {
      "cve": "CVE-2026-23067",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23067"
    },
    {
      "cve": "CVE-2026-23068",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23068"
    },
    {
      "cve": "CVE-2026-23069",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23069"
    },
    {
      "cve": "CVE-2026-23070",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23070"
    },
    {
      "cve": "CVE-2026-23071",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23071"
    },
    {
      "cve": "CVE-2026-23072",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23072"
    },
    {
      "cve": "CVE-2026-23073",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23073"
    },
    {
      "cve": "CVE-2026-23074",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23074"
    },
    {
      "cve": "CVE-2026-23075",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23075"
    },
    {
      "cve": "CVE-2026-23076",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23076"
    },
    {
      "cve": "CVE-2026-23077",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23077"
    },
    {
      "cve": "CVE-2026-23078",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23078"
    },
    {
      "cve": "CVE-2026-23079",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23079"
    },
    {
      "cve": "CVE-2026-23080",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23080"
    },
    {
      "cve": "CVE-2026-23081",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23081"
    },
    {
      "cve": "CVE-2026-23082",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23082"
    },
    {
      "cve": "CVE-2026-23083",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23083"
    },
    {
      "cve": "CVE-2026-23084",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23084"
    },
    {
      "cve": "CVE-2026-23085",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23085"
    },
    {
      "cve": "CVE-2026-23086",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23086"
    },
    {
      "cve": "CVE-2026-23087",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23087"
    },
    {
      "cve": "CVE-2026-23088",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23088"
    },
    {
      "cve": "CVE-2026-23089",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23089"
    },
    {
      "cve": "CVE-2026-23090",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23090"
    },
    {
      "cve": "CVE-2026-23091",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23091"
    },
    {
      "cve": "CVE-2026-23092",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23092"
    },
    {
      "cve": "CVE-2026-23093",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23093"
    },
    {
      "cve": "CVE-2026-23094",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23094"
    },
    {
      "cve": "CVE-2026-23095",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23095"
    },
    {
      "cve": "CVE-2026-23096",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23096"
    },
    {
      "cve": "CVE-2026-23097",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23097"
    },
    {
      "cve": "CVE-2026-23098",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23098"
    },
    {
      "cve": "CVE-2026-23099",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23099"
    },
    {
      "cve": "CVE-2026-23100",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23100"
    },
    {
      "cve": "CVE-2026-23101",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23101"
    },
    {
      "cve": "CVE-2026-23102",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23102"
    },
    {
      "cve": "CVE-2026-23103",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23103"
    },
    {
      "cve": "CVE-2026-23104",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23104"
    },
    {
      "cve": "CVE-2026-23105",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23105"
    },
    {
      "cve": "CVE-2026-23106",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23106"
    },
    {
      "cve": "CVE-2026-23107",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23107"
    },
    {
      "cve": "CVE-2026-23108",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23108"
    },
    {
      "cve": "CVE-2026-23109",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23109"
    },
    {
      "cve": "CVE-2026-23110",
      "product_status": {
        "known_affected": [
          "2951",
          "67646",
          "398363",
          "T050562"
        ]
      },
      "release_date": "2026-02-04T23:00:00.000+00:00",
      "title": "CVE-2026-23110"
    }
  ]
}

GHSA-F2R6-XF7J-HXVF

Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-02-04 18:30

Details

In the Linux kernel, the following vulnerability has been resolved:

bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup

When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns -ENODEV), the error path calls bnxt_free_hwrm_resources() which destroys the DMA pool and sets bp->hwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called, which invokes ptp_clock_unregister().

Since commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events"), ptp_clock_unregister() now calls ptp_disable_all_events(), which in turn invokes the driver's .enable() callback (bnxt_ptp_enable()) to disable PTP events before completing the unregistration.

bnxt_ptp_enable() attempts to send HWRM commands via bnxt_ptp_cfg_pin() and bnxt_ptp_cfg_event(), both of which call hwrm_req_init(). This function tries to allocate from bp->hwrm_dma_pool, causing a NULL pointer dereference:

bnxt_en 0000:01:00.0 (unnamed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] Call Trace: __hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72) bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517) ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66) ptp_clock_unregister (drivers/ptp/ptp_clock.c:518) bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134) bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889)

Lines are against commit f8f9c1f4d0c7 ("Linux 6.19-rc3")

Fix this by clearing and unregistering ptp (bnxt_ptp_clear()) before freeing HWRM resources.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-23041"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-04T16:16:19Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup\n\nWhen bnxt_init_one() fails during initialization (e.g.,\nbnxt_init_int_mode returns -ENODEV), the error path calls\nbnxt_free_hwrm_resources() which destroys the DMA pool and sets\nbp-\u003ehwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called,\nwhich invokes ptp_clock_unregister().\n\nSince commit a60fc3294a37 (\"ptp: rework ptp_clock_unregister() to\ndisable events\"), ptp_clock_unregister() now calls\nptp_disable_all_events(), which in turn invokes the driver\u0027s .enable()\ncallback (bnxt_ptp_enable()) to disable PTP events before completing the\nunregistration.\n\nbnxt_ptp_enable() attempts to send HWRM commands via bnxt_ptp_cfg_pin()\nand bnxt_ptp_cfg_event(), both of which call hwrm_req_init(). This\nfunction tries to allocate from bp-\u003ehwrm_dma_pool, causing a NULL\npointer dereference:\n\n  bnxt_en 0000:01:00.0 (unnamed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed\n  KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n  Call Trace:\n   __hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72)\n   bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517)\n   ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66)\n   ptp_clock_unregister (drivers/ptp/ptp_clock.c:518)\n   bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134)\n   bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889)\n\nLines are against commit f8f9c1f4d0c7 (\"Linux 6.19-rc3\")\n\nFix this by clearing and unregistering ptp (bnxt_ptp_clear()) before\nfreeing HWRM resources.",
  "id": "GHSA-f2r6-xf7j-hxvf",
  "modified": "2026-02-04T18:30:41Z",
  "published": "2026-02-04T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23041"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0174d5466caefc22f03a36c43b2a3cce7e332627"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3358995b1a7f9dcb52a56ec8251570d71024dad0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2026-23041

Vulnerability from fkie_nvd - Published: 2026-02-04 16:16 - Updated: 2026-02-04 16:33

Severity ?

Summary

References

	URL	Tags
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/0174d5466caefc22f03a36c43b2a3cce7e332627
	416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/3358995b1a7f9dcb52a56ec8251570d71024dad0

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup\n\nWhen bnxt_init_one() fails during initialization (e.g.,\nbnxt_init_int_mode returns -ENODEV), the error path calls\nbnxt_free_hwrm_resources() which destroys the DMA pool and sets\nbp-\u003ehwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called,\nwhich invokes ptp_clock_unregister().\n\nSince commit a60fc3294a37 (\"ptp: rework ptp_clock_unregister() to\ndisable events\"), ptp_clock_unregister() now calls\nptp_disable_all_events(), which in turn invokes the driver\u0027s .enable()\ncallback (bnxt_ptp_enable()) to disable PTP events before completing the\nunregistration.\n\nbnxt_ptp_enable() attempts to send HWRM commands via bnxt_ptp_cfg_pin()\nand bnxt_ptp_cfg_event(), both of which call hwrm_req_init(). This\nfunction tries to allocate from bp-\u003ehwrm_dma_pool, causing a NULL\npointer dereference:\n\n  bnxt_en 0000:01:00.0 (unnamed net_device) (uninitialized): bnxt_init_int_mode err: ffffffed\n  KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\n  Call Trace:\n   __hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72)\n   bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517)\n   ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66)\n   ptp_clock_unregister (drivers/ptp/ptp_clock.c:518)\n   bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134)\n   bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889)\n\nLines are against commit f8f9c1f4d0c7 (\"Linux 6.19-rc3\")\n\nFix this by clearing and unregistering ptp (bnxt_ptp_clear()) before\nfreeing HWRM resources."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbnxt_en: Correcci\u00f3n de un fallo por puntero NULL en bnxt_ptp_enable durante la limpieza de errores\n\nCuando bnxt_init_one() falla durante la inicializaci\u00f3n (p. ej., bnxt_init_int_mode devuelve -ENODEV), la ruta de error llama a bnxt_free_hwrm_resources() que destruye el pool de DMA y establece bp-\u0026gt;hwrm_dma_pool a NULL. Posteriormente, se llama a bnxt_ptp_clear(), que invoca a ptp_clock_unregister().\n\nDesde el commit a60fc3294a37 (\u0027ptp: rework ptp_clock_unregister() to disable events\u0027), ptp_clock_unregister() ahora llama a ptp_disable_all_events(), que a su vez invoca la funci\u00f3n de callback .enable() del controlador (bnxt_ptp_enable()) para deshabilitar los eventos PTP antes de completar el desregistro.\n\nbnxt_ptp_enable() intenta enviar comandos HWRM a trav\u00e9s de bnxt_ptp_cfg_pin() y bnxt_ptp_cfg_event(), ambas llaman a hwrm_req_init(). Esta funci\u00f3n intenta asignar memoria de bp-\u0026gt;hwrm_dma_pool, causando una desreferencia de puntero NULL:\n\n  bnxt_en 0000:01:00.0 (net_device sin nombre) (no inicializado): bnxt_init_int_mode err: ffffffed\n  KASAN: desreferencia de puntero nulo en el rango [0x0000000000000028-0x000000000000002f]\n  Traza de Llamadas:\n   __hwrm_req_init (drivers/net/ethernet/broadcom/bnxt/bnxt_hwrm.c:72)\n   bnxt_ptp_enable (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:323 drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:517)\n   ptp_disable_all_events (drivers/ptp/ptp_chardev.c:66)\n   ptp_clock_unregister (drivers/ptp/ptp_clock.c:518)\n   bnxt_ptp_clear (drivers/net/ethernet/broadcom/bnxt/bnxt_ptp.c:1134)\n   bnxt_init_one (drivers/net/ethernet/broadcom/bnxt/bnxt.c:16889)\n\nLas l\u00edneas son contra el commit f8f9c1f4d0c7 (\u0027Linux 6.19-rc3\u0027)\n\nSolucione esto limpiando y desregistrando ptp (bnxt_ptp_clear()) antes de liberar los recursos HWRM."
    }
  ],
  "id": "CVE-2026-23041",
  "lastModified": "2026-02-04T16:33:44.537",
  "metrics": {},
  "published": "2026-02-04T16:16:19.563",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/0174d5466caefc22f03a36c43b2a3cce7e332627"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/3358995b1a7f9dcb52a56ec8251570d71024dad0"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-23041 (GCVE-0-2026-23041)

WID-SEC-W-2026-0324

GHSA-F2R6-XF7J-HXVF

FKIE_CVE-2026-23041

Tags

Sightings

Nomenclature