{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23019", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.940Z", "datePublished": "2026-01-31T11:39:03.179Z", "dateUpdated": "2026-05-11T21:58:25.953Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:25.953Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix NULL dereference on devlink_alloc() failure\n\ndevlink_alloc() may return NULL on allocation failure, but\nprestera_devlink_alloc() unconditionally calls devlink_priv() on\nthe returned pointer.\n\nThis leads to a NULL pointer dereference if devlink allocation fails.\nAdd a check for a NULL devlink pointer and return NULL early to avoid\nthe crash."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/prestera/prestera_devlink.c"], "versions": [{"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25", "lessThan": "8a4333b2818f0d853b43e139936c20659366e4a0", "status": "affected", "versionType": "git"}, {"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25", "lessThan": "325aea74be7e192b5c947c782da23b0d19a5fda2", "status": "affected", "versionType": "git"}, {"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25", "lessThan": "94e070cd50790317fba7787ae6006934b7edcb6f", "status": "affected", "versionType": "git"}, {"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25", "lessThan": "3950054c9512add0cc79ab7e72b6d2f9f675e25b", "status": "affected", "versionType": "git"}, {"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25", "lessThan": "326a4b7e61d01db3507f71c8bb5e85362f607064", "status": "affected", "versionType": "git"}, {"version": "34dd1710f5a3c9a7dc78e1ff6de69a19d407db25", "lessThan": "a428e0da1248c353557970848994f35fd3f005e2", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/prestera/prestera_devlink.c"], "versions": [{"version": "5.10", "status": "affected"}, {"version": "0", "lessThan": "5.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.198", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.161", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.121", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.66", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.6", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "5.15.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.1.161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.6.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.12.66"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.18.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8a4333b2818f0d853b43e139936c20659366e4a0"}, {"url": "https://git.kernel.org/stable/c/325aea74be7e192b5c947c782da23b0d19a5fda2"}, {"url": "https://git.kernel.org/stable/c/94e070cd50790317fba7787ae6006934b7edcb6f"}, {"url": "https://git.kernel.org/stable/c/3950054c9512add0cc79ab7e72b6d2f9f675e25b"}, {"url": "https://git.kernel.org/stable/c/326a4b7e61d01db3507f71c8bb5e85362f607064"}, {"url": "https://git.kernel.org/stable/c/a428e0da1248c353557970848994f35fd3f005e2"}], "title": "net: marvell: prestera: fix NULL dereference on devlink_alloc() failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "514008AF-BA30-436D-B5A2-440E66D7CB69", "versionEndExcluding": "5.15.198", "versionStartIncluding": "5.10.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E135B7E2-61FC-4DC1-8570-ABD67894FFDE", "versionEndExcluding": "6.1.161", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB7A164B-7422-4A1C-82FB-5FCAEE53C06C", "versionEndExcluding": "6.6.121", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F72B884C-B44F-40E4-9895-CE421AC663D0", "versionEndExcluding": "6.12.66", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "879529BC-5B4C-4EBE-BF1D-1A31404A8B2E", "versionEndExcluding": "6.18.6", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*", "matchCriteriaId": "B29EBB93-107F-4ED6-8DE3-C2732BC659C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*", "matchCriteriaId": "F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*", "matchCriteriaId": "EB5B7DFC-C36B-45D8-922C-877569FDDF43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix NULL dereference on devlink_alloc() failure\n\ndevlink_alloc() may return NULL on allocation failure, but\nprestera_devlink_alloc() unconditionally calls devlink_priv() on\nthe returned pointer.\n\nThis leads to a NULL pointer dereference if devlink allocation fails.\nAdd a check for a NULL devlink pointer and return NULL early to avoid\nthe crash."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: marvell: prestera: corregir desreferencia NULL en caso de fallo de devlink_alloc()\n\ndevlink_alloc() puede devolver NULL en caso de fallo de asignaci\u00f3n, pero prestera_devlink_alloc() llama incondicionalmente a devlink_priv() sobre el puntero devuelto.\n\nEsto conduce a una desreferencia de puntero NULL si la asignaci\u00f3n de devlink falla.\nA\u00f1adir una comprobaci\u00f3n para un puntero devlink NULL y devolver NULL anticipadamente para evitar el fallo."}], "id": "CVE-2026-23019", "lastModified": "2026-03-25T15:55:44.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-01-31T12:16:05.207", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/325aea74be7e192b5c947c782da23b0d19a5fda2"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/326a4b7e61d01db3507f71c8bb5e85362f607064"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3950054c9512add0cc79ab7e72b6d2f9f675e25b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8a4333b2818f0d853b43e139936c20659366e4a0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/94e070cd50790317fba7787ae6006934b7edcb6f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a428e0da1248c353557970848994f35fd3f005e2"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: net: marvell: prestera: fix NULL dereference on devlink_alloc() failure", "id": "2435666", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435666"}, "csaw": false, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nnet: marvell: prestera: fix NULL dereference on devlink_alloc() failure\ndevlink_alloc() may return NULL on allocation failure, but\nprestera_devlink_alloc() unconditionally calls devlink_priv() on\nthe returned pointer.\nThis leads to a NULL pointer dereference if devlink allocation fails.\nAdd a check for a NULL devlink pointer and return NULL early to avoid\nthe crash."], "name": "CVE-2026-23019", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-01-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23019\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23019\nhttps://lore.kernel.org/linux-cve-announce/2026013135-CVE-2026-23019-dce2@gregkh/T"]}

{"analysis": {"en": {"generated_at": "2026-04-18T14:26:38.721371+00:00", "value": {"mitigation_remediation": ["Apply the upstream kernel patch that adds a NULL check on devlink_alloc() and rebuild the kernel or install an updated kernel that includes the fix.", "If an update is not feasible, disable or unload the Marvell Prestera driver to prevent triggering the crash.", "Monitor system logs for NULL dereference or kernel panic messages and configure alerting to detect exploitation attempts."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Linux kernel implementations that include the Marvell Prestera driver. Affected releases include kernel versions up to at least 6.19 release candidates, as reflected in the common platform enumeration strings. All systems running kernel code with this driver are potentially impacted, regardless of the Debian, Ubuntu, or other distribution distribution, provided the device is present.", "description_and_impact": "A NULL pointer dereference occurs in the Marvell Prestera network driver when devlink_alloc() fails during device initialization. The driver unconditionally calls devlink_priv() on the returned pointer, which is NULL upon allocation failure. This causes a kernel crash, resulting in a denial of service that may bring down the host or require a reboot. The weakness is classified as CWE-476, indicating a null pointer dereference vulnerability.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is local to the host; an attacker with ability to influence network traffic to a device on a system with the Prestera driver could trigger allocation failure. The crash can lead to a system reboot or kernel panic, causing service disruption."}}}}, "created": "2026-04-18T14:30:02.944557+00:00", "updated": "2026-04-18T14:30:02.944574+00:00", "vendors": []}