{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23070", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.955Z", "datePublished": "2026-02-04T16:07:50.675Z", "dateUpdated": "2026-05-11T21:59:25.131Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:25.131Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nOcteontx2-af: Add proper checks for fwdata\n\nfirmware populates MAC address, link modes (supported, advertised)\nand EEPROM data in shared firmware structure which kernel access\nvia MAC block(CGX/RPM).\n\nAccessing fwdata, on boards booted with out MAC block leading to\nkernel panics.\n\nInternal error: Oops: 0000000096000005 [#1] SMP\n[ 10.460721] Modules linked in:\n[ 10.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g76ec646abdf7-dirty #3 PREEMPT\n[ 10.474045] Hardware name: Marvell OcteonTX CN98XX board (DT)\n[ 10.479793] Workqueue: events work_for_cpu_fn\n[ 10.484159] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 10.491124] pc : rvu_sdp_init+0x18/0x114\n[ 10.495051] lr : rvu_probe+0xe58/0x1d18"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c", "drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c"], "versions": [{"version": "997814491cee7b19c162ad82439818e555f99ad9", "lessThan": "079050a23de6b7505595e4af75b36c34f0e9627e", "status": "affected", "versionType": "git"}, {"version": "997814491cee7b19c162ad82439818e555f99ad9", "lessThan": "e343973fab43c266a40e4e0dabdc4216db6d5eff", "status": "affected", "versionType": "git"}, {"version": "997814491cee7b19c162ad82439818e555f99ad9", "lessThan": "4a3dba48188208e4f66822800e042686784d29d1", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c", "drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c"], "versions": [{"version": "6.9", "status": "affected"}, {"version": "0", "lessThan": "6.9", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.9", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/079050a23de6b7505595e4af75b36c34f0e9627e"}, {"url": "https://git.kernel.org/stable/c/e343973fab43c266a40e4e0dabdc4216db6d5eff"}, {"url": "https://git.kernel.org/stable/c/4a3dba48188208e4f66822800e042686784d29d1"}], "title": "Octeontx2-af: Add proper checks for fwdata", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "240E945F-1F73-4084-A636-E697646B035B", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nOcteontx2-af: Add proper checks for fwdata\n\nfirmware populates MAC address, link modes (supported, advertised)\nand EEPROM data in shared firmware structure which kernel access\nvia MAC block(CGX/RPM).\n\nAccessing fwdata, on boards booted with out MAC block leading to\nkernel panics.\n\nInternal error: Oops: 0000000096000005 [#1] SMP\n[ 10.460721] Modules linked in:\n[ 10.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g76ec646abdf7-dirty #3 PREEMPT\n[ 10.474045] Hardware name: Marvell OcteonTX CN98XX board (DT)\n[ 10.479793] Workqueue: events work_for_cpu_fn\n[ 10.484159] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 10.491124] pc : rvu_sdp_init+0x18/0x114\n[ 10.495051] lr : rvu_probe+0xe58/0x1d18"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nOcteontx2-af: A\u00f1adir comprobaciones adecuadas para fwdata\n\nEl firmware rellena la direcci\u00f3n MAC, los modos de enlace (soportados, anunciados) y los datos de la EEPROM en una estructura de firmware compartida a la que el kernel accede a trav\u00e9s del bloque MAC (CGX/RPM).\n\nAcceder a fwdata, en placas arrancadas sin bloque MAC, lleva a p\u00e1nicos del kernel.\n\nError interno: Oops: 0000000096000005 [#1] SMP\n[ 10.460721] M\u00f3dulos enlazados:\n[ 10.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g76ec646abdf7-dirty #3 PREEMPT\n[ 10.474045] Nombre del hardware: Marvell OcteonTX CN98XX board (DT)\n[ 10.479793] Cola de trabajo: events work_for_cpu_fn\n[ 10.484159] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 10.491124] pc : rvu_sdp_init+0x18/0x114\n[ 10.495051] lr : rvu_probe+0xe58/0x1d18"}], "id": "CVE-2026-23070", "lastModified": "2026-03-25T11:16:18.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:17.717", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/079050a23de6b7505595e4af75b36c34f0e9627e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4a3dba48188208e4f66822800e042686784d29d1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e343973fab43c266a40e4e0dabdc4216db6d5eff"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: Octeontx2-af: Add proper checks for fwdata", "id": "2436763", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436763"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23070", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23070\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23070\nhttps://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23070-2fcd@gregkh/T"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-16T06:59:20.549077+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the patch for Octeontx2-af, such as 6.19.0-rc5 or later stable releases.", "Apply the specific commit that adds proper checks for fwdata to your kernel source tree and rebuild the kernel if a newer release is not available.", "Reconfigure your OcteonTX hardware to ensure the MAC block is present and active during boot, which prevents the kernel from accessing uninitialized firmware data.", "Monitor kernel logs for any unexpected panics and verify that the system remains stable after the update."], "summary": {"action": "Apply Patch", "impact": "Denial of Service (Kernel Panic)"}, "threat_synthesis": {"affected_systems": "The issue is present in the Linux kernel for versions 6.19\u2011rc1 through 6.19\u2011rc6, particularly on hardware that uses the OcteonTX interface such as the Marvell OcteonTX CN98XX board. Any Linux installation that boots this board without an initialized MAC block is susceptible.", "description_and_impact": "The vulnerability arises when firmware populates MAC address, link modes, and EEPROM data in a shared structure that the kernel accesses via the MAC block. If a system boots without a MAC block, the kernel attempts to read this data, leading to an internal fault and a kernel panic. The result is a denial of service that completely halts the affected system. The weakness is a missing validation of firmware data prior to access, which aligns with a null pointer dereference type failure.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, while the EPSS score of less than 1% shows a very low probability of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog, further suggesting it is not widely known or actively exploited. Based on the description, the likely attack vector is local physical access at boot time, where an attacker can trigger the kernel crash by deactivating or omitting the MAC block during system initialization. Exploitation requires no network connectivity and is confined to the affected system itself."}}}}, "created": "2026-04-16T07:00:11.010880+00:00", "updated": "2026-04-16T07:00:11.010936+00:00", "vendors": []}