{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23040", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.944Z", "datePublished": "2026-02-04T16:00:23.897Z", "dateUpdated": "2026-05-11T21:58:50.390Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:58:50.390Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: fix typo in frequency notification\n\nThe NAN notification is for 5745 MHz which corresponds to channel 149\nand not 5475 which is not actually a valid channel. This could result in\na NULL pointer dereference in cfg80211_next_nan_dw_notif."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/virtual/mac80211_hwsim.c"], "versions": [{"version": "a37a6f54439bf82b827a7072415d3a4afa4e12bd", "lessThan": "1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33", "status": "affected", "versionType": "git"}, {"version": "a37a6f54439bf82b827a7072415d3a4afa4e12bd", "lessThan": "333418872bfecf4843f1ded7a4151685dfcf07d5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/virtual/mac80211_hwsim.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.6", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33"}, {"url": "https://git.kernel.org/stable/c/333418872bfecf4843f1ded7a4151685dfcf07d5"}], "title": "wifi: mac80211_hwsim: fix typo in frequency notification", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: fix typo in frequency notification\n\nThe NAN notification is for 5745 MHz which corresponds to channel 149\nand not 5475 which is not actually a valid channel. This could result in\na NULL pointer dereference in cfg80211_next_nan_dw_notif."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: mac80211_hwsim: corregir errata en la notificaci\u00f3n de frecuencia\n\nLa notificaci\u00f3n NAN es para 5745 MHz, que corresponde al canal 149 y no a 5475, que en realidad no es un canal v\u00e1lido. Esto podr\u00eda resultar en una desreferencia de puntero NULL en cfg80211_next_nan_dw_notif."}], "id": "CVE-2026-23040", "lastModified": "2026-04-15T00:35:42.020", "metrics": {}, "published": "2026-02-04T16:16:19.460", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/333418872bfecf4843f1ded7a4151685dfcf07d5"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Deferred"}

{"bugzilla": {"description": "kernel: wifi: mac80211_hwsim: fix typo in frequency notification", "id": "2436806", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436806"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23040", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23040\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23040\nhttps://lore.kernel.org/linux-cve-announce/2026020438-CVE-2026-23040-1980@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T18:31:48.851947+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel update that includes the mac80211_hwsim fix.", "If the system does not require the mac80211_hwsim module, disable or remove it to eliminate the attack surface.", "Restrict exposure of Wi\u2011Fi interfaces by applying network isolation or firewall rules to block incoming traffic that could trigger the NAN notification."], "summary": {"action": "Apply Patch", "impact": "Kernel Crash (Denial of Service)"}, "threat_synthesis": {"affected_systems": "All Linux kernel distributions that include the mac80211_hwsim module and have not yet incorporated the patch found in commit 1251bbdb8f5b2ea86ca9b4268a2e6aa34372ab33. The affected kernel versions are unspecified, so any release containing the buggy code should be considered vulnerable until the fix is applied.", "description_and_impact": "The Linux kernel's Wi\u2011Fi subsystem, mac80211_hwsim, contains a typo in the frequency notification for NAN. This mistake causes the code to interpret 5745\u202fMHz as channel\u202f149, while 5475\u202fMHz is an invalid channel. A null pointer dereference occurs in cfg80211_next_nan_dw_notif when the incorrect notification is processed. Based on the description, it is inferred that an attacker capable of triggering the NAN notification could cause the kernel to crash, which would de\u2011synchronize the operating system and likely lead to a reboot or service outage.", "risk_and_exploitability": "The CVSS base score of 7.0 denotes moderate severity. The EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the exploit would require sending crafted Wi\u2011Fi frames or otherwise inducing a NAN notification, making the attack vector local to machines with active wireless interfaces that are reachable by the malicious traffic."}}}}, "created": "2026-04-18T18:45:05.745093+00:00", "updated": "2026-04-18T18:45:05.745104+00:00", "vendors": [], "weaknesses": ["CWE-476"]}