CVE-2026-23396— Linux kernel 安全漏洞
影响版本矩阵 18
| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| Linux | Linux | 2e3c8736820bf72a8ad10721c7e31d36d4fa7790< 14a4fd13657a3f2489db6566f081adfb27a49c64 | affected |
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< 74de6fa472b03bc8cde0a081484e9960bcbda568 | affected | ||
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< c1e3f2416fb27c816ce96d747d3e784e31f4d95c | affected | ||
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< 0a4da176ae4b4e075a19c00d3e269cfd5e05a813 | affected | ||
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< a90279e7f7ea0b7e923a1c5ebee9a6b78b6d1004 | affected | ||
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< 44699c6cdfce80a0f296b54ae9314461e3e41b3d | affected | ||
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< 7c55a3deaf7eaaafa2546f8de7fed19382a0a116 | affected | ||
2e3c8736820bf72a8ad10721c7e31d36d4fa7790< c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd | affected | ||
| … +10 条更多 | |||
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-23396 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
wifi: mac80211: fix NULL deref in mesh_matches_local()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local() mesh_matches_local() unconditionally dereferences ie->mesh_config to compare mesh configuration parameters. When called from mesh_rx_csa_frame(), the parsed action-frame elements may not contain a Mesh Configuration IE, leaving ie->mesh_config NULL and triggering a kernel NULL pointer dereference. The other two callers are already safe: - ieee80211_mesh_rx_bcn_presp() checks !elems->mesh_config before calling mesh_matches_local() - mesh_plink_get_event() is only reached through mesh_process_plink_frame(), which checks !elems->mesh_config, too mesh_rx_csa_frame() is the only caller that passes raw parsed elements to mesh_matches_local() without guarding mesh_config. An adjacent attacker can exploit this by sending a crafted CSA action frame that includes a valid Mesh ID IE but omits the Mesh Configuration IE, crashing the kernel. The captured crash log: Oops: general protection fault, probably for non-canonical address ... KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] Workqueue: events_unbound cfg80211_wiphy_work [...] Call Trace: <TASK> ? __pfx_mesh_matches_local (net/mac80211/mesh.c:65) ieee80211_mesh_rx_queued_mgmt (net/mac80211/mesh.c:1686) [...] ieee80211_iface_work (net/mac80211/iface.c:1754 net/mac80211/iface.c:1802) [...] cfg80211_wiphy_work (net/wireless/core.c:426) process_one_work (net/kernel/workqueue.c:3280) ? assign_work (net/kernel/workqueue.c:1219) worker_thread (net/kernel/workqueue.c:3352) ? __pfx_worker_thread (net/kernel/workqueue.c:3385) kthread (net/kernel/kthread.c:436) [...] ret_from_fork_asm (net/arch/x86/entry/entry_64.S:255) </TASK> This patch adds a NULL check for ie->mesh_config at the top of mesh_matches_local() to return false early when the Mesh Configuration IE is absent.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于mesh_matches_local函数无条件解引用空指针,可能导致内核崩溃。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
二、漏洞 CVE-2026-23396 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-23396 的情报信息
请登录查看更多情报信息。
CVE-2026-23396 补丁与修复 (6)
同批安全公告 · Linux · 2026-03-26 · 共 3 条
| CVE-2026-23398 | Linux kernel 安全漏洞 | |
| CVE-2026-23397 | Linux kernel 安全漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-23396
暂无评论