Skip to main content

Linux CVE-2026-23433

| EUVDEUVD-2026-18671 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-04-03 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Apr 23, 2026 - 21:11 NVD
5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
4ad79c874e53ebb7fe3b8ae7ac6c858a2121f415
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18671
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

arm_mpam: Fix null pointer dereference when restoring bandwidth counters

When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpam_restore_mbwu_state() calls __ris_msmon_read() via ipi to restore the configuration of the bandwidth counters. It doesn't care about the value read, mbwu_arg.val, and doesn't set it leading to a null pointer dereference when __ris_msmon_read() adds to it. This results in a kernel oops with a call trace such as:

Call trace: __ris_msmon_read+0x19c/0x64c (P) mpam_restore_mbwu_state+0xa0/0xe8 smp_call_on_cpu_callback+0x1c/0x38 process_one_work+0x154/0x4b4 worker_thread+0x188/0x310 kthread+0x11c/0x130 ret_from_fork+0x10/0x20

Provide a local variable for val to avoid __ris_msmon_read() dereferencing a null pointer when adding to val.

AnalysisAI

Null pointer dereference in Linux kernel arm_mpam memory bandwidth monitoring causes kernel oops when an MSC supporting bandwidth monitoring transitions offline and back online. The mpam_restore_mbwu_state() function fails to initialize a value buffer before passing it to __ris_msmon_read() via IPI, triggering a crash in the bandwidth counter restoration routine. This affects ARM systems with MPAM (Memory Partitioning and Monitoring) support and results in denial of service through system instability when memory controllers are toggled.

Technical ContextAI

The vulnerability exists in ARM's Memory Partitioning and Monitoring (MPAM) subsystem within the Linux kernel. When a Memory System Controller (MSC) supporting memory bandwidth unit (MBWU) monitoring is brought offline and online, the mpam_restore_mbwu_state() function attempts to restore bandwidth counter configuration by issuing an inter-processor interrupt (IPI) to invoke __ris_msmon_read(). The root cause is a missing initialization of the mbwu_arg.val parameter-a pointer to a local variable that receives the bandwidth counter value. The __ris_msmon_read() function attempts to dereference and add to this uninitialized pointer, resulting in a null pointer dereference. This is a straightforward initialization omission (CWE-476 class) within the ARM MPAM driver code path triggered during system state transitions.

RemediationAI

Apply the upstream kernel fix by updating to a patched version containing commits ac3e12bc195786d3d44d730b5b2259fd36191848 or 4ad79c874e53ebb7fe3b8ae7ac6c858a2121f415 from the Linux stable repository (https://git.kernel.org/stable). The fix involves adding a local variable initialization for val before passing it to __ris_msmon_read(), preventing null pointer dereference. Distributions should backport these commits to their respective kernel versions. Users unable to immediately patch should avoid dynamic offlining/onlining of MPAM-enabled memory controllers until a fixed kernel is deployed.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-23433 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy