{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23084", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.960Z", "datePublished": "2026-02-04T16:08:08.456Z", "dateUpdated": "2026-05-11T21:59:41.422Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:59:41.422Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list\n\nWhen the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is\nset to false, the driver may request the PMAC_ID from the firmware of the\nnetwork card, and this function will store that PMAC_ID at the provided\naddress pmac_id. This is the contract of this function.\n\nHowever, there is a location within the driver where both\npmac_id_valid == false and pmac_id == NULL are being passed. This could\nresult in dereferencing a NULL pointer.\n\nTo resolve this issue, it is necessary to pass the address of a stub\nvariable to the function."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/emulex/benet/be_cmds.c"], "versions": [{"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "4cba480c9b9a3861a515262225cb53a1f5978344", "status": "affected", "versionType": "git"}, {"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "92c6dc181a18e6e0ddb872ed35cb48a9274829e4", "status": "affected", "versionType": "git"}, {"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "6c3e00888dbec887125a08b51a705b9b163fcdd1", "status": "affected", "versionType": "git"}, {"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "e206fb415db36bad52bb90c08d46ce71ffbe8a80", "status": "affected", "versionType": "git"}, {"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "47ffb4dcffe336f4a7bd0f3284be7aadc6484698", "status": "affected", "versionType": "git"}, {"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "31410a01a86bcb98c798d01061abf1f789c4f75a", "status": "affected", "versionType": "git"}, {"version": "95046b927a54f461766f83a212c6a93bc5fd2e67", "lessThan": "8215794403d264739cc676668087512950b2ff31", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/emulex/benet/be_cmds.c"], "versions": [{"version": "3.12", "status": "affected"}, {"version": "0", "lessThan": "3.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.12", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/4cba480c9b9a3861a515262225cb53a1f5978344"}, {"url": "https://git.kernel.org/stable/c/92c6dc181a18e6e0ddb872ed35cb48a9274829e4"}, {"url": "https://git.kernel.org/stable/c/6c3e00888dbec887125a08b51a705b9b163fcdd1"}, {"url": "https://git.kernel.org/stable/c/e206fb415db36bad52bb90c08d46ce71ffbe8a80"}, {"url": "https://git.kernel.org/stable/c/47ffb4dcffe336f4a7bd0f3284be7aadc6484698"}, {"url": "https://git.kernel.org/stable/c/31410a01a86bcb98c798d01061abf1f789c4f75a"}, {"url": "https://git.kernel.org/stable/c/8215794403d264739cc676668087512950b2ff31"}], "title": "be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7CF10EDB-C604-447B-A79C-923E751E9F3B", "versionEndExcluding": "5.10.249", "versionStartIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list\n\nWhen the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is\nset to false, the driver may request the PMAC_ID from the firmware of the\nnetwork card, and this function will store that PMAC_ID at the provided\naddress pmac_id. This is the contract of this function.\n\nHowever, there is a location within the driver where both\npmac_id_valid == false and pmac_id == NULL are being passed. This could\nresult in dereferencing a NULL pointer.\n\nTo resolve this issue, it is necessary to pass the address of a stub\nvariable to the function."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbe2net: Correcci\u00f3n de desreferencia de puntero NULL en be_cmd_get_mac_from_list\n\nCuando el argumento del par\u00e1metro pmac_id_valid de be_cmd_get_mac_from_list() se establece en falso, el controlador puede solicitar el PMAC_ID del firmware de la tarjeta de red, y esta funci\u00f3n almacenar\u00e1 ese PMAC_ID en la direcci\u00f3n pmac_id proporcionada. Este es el contrato de esta funci\u00f3n.\n\nSin embargo, existe una ubicaci\u00f3n dentro del controlador donde se est\u00e1n pasando tanto pmac_id_valid == false como pmac_id == NULL. Esto podr\u00eda resultar en la desreferencia de un puntero NULL.\n\nPara resolver este problema, es necesario pasar la direcci\u00f3n de una variable auxiliar a la funci\u00f3n."}], "id": "CVE-2026-23084", "lastModified": "2026-03-17T21:10:34.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-04T17:16:19.257", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/31410a01a86bcb98c798d01061abf1f789c4f75a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/47ffb4dcffe336f4a7bd0f3284be7aadc6484698"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4cba480c9b9a3861a515262225cb53a1f5978344"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6c3e00888dbec887125a08b51a705b9b163fcdd1"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8215794403d264739cc676668087512950b2ff31"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/92c6dc181a18e6e0ddb872ed35cb48a9274829e4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e206fb415db36bad52bb90c08d46ce71ffbe8a80"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list", "id": "2436816", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436816"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbe2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list\nWhen the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is\nset to false, the driver may request the PMAC_ID from the firmware of the\nnetwork card, and this function will store that PMAC_ID at the provided\naddress pmac_id. This is the contract of this function.\nHowever, there is a location within the driver where both\npmac_id_valid == false and pmac_id == NULL are being passed. This could\nresult in dereferencing a NULL pointer.\nTo resolve this issue, it is necessary to pass the address of a stub\nvariable to the function."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, prevent the be2net module from being loaded if Emulex BladeEngine network adapters are not required. See https://access.redhat.com/solutions/41278 for instructions on how to blacklist a kernel module."}, "name": "CVE-2026-23084", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23084\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23084\nhttps://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23084-8073@gregkh/T"], "statement": "This vulnerability affects systems with Emulex BladeEngine network adapters during MAC address retrieval operations. The crash occurs during normal driver operation, not requiring any special attacker action. Impact is limited to denial of service through kernel panic.", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-17T23:35:50.791813+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to the latest stable release that includes the upstream fix for be2net, or apply the specific patch commit that passes a stub variable to be_cmd_get_mac_from_list. ", "If a kernel upgrade is not feasible, consider disabling or unloading the be2net module to eliminate the vulnerable code path, or apply a local backport patch that ensures the pmac_id parameter is never NULL before the function call. ", "Verify that firmware interactions for the network device are restricted or that the device firmware does not trigger the bug, and monitor system logs for kernel panic indications that may reveal an unpatched instance."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via kernel crash caused by NULL pointer dereference"}, "threat_synthesis": {"affected_systems": "The bug affects Linux kernel versions 6.19 release candidates 1 through 6, as documented by the corresponding CPE strings. All distributions that ship these kernels without the fix are vulnerable.", "description_and_impact": "The vulnerability is a NULL pointer dereference in the be2net network driver function be_cmd_get_mac_from_list, identified as CWE\u2011476. When the driver requests a PMAC_ID from firmware while the pmac_id parameter is NULL, the function dereferences the null pointer and can cause the kernel to crash. A crashed kernel results in a denial of service that requires a reboot to recover. The impact is limited to the kernel\u2019s stability and does not directly expose data but prevents affected systems from operating normally.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a very low likelihood of exploitation. The issue is not listed in CISA\u2019s KEV catalog. The attack vector is inferred to be local: an attacker must have the ability to trigger a firmware interaction that causes the driver to call be_cmd_get_mac_from_list with a NULL pmac_id. No known remote exploitation paths are documented."}}}}, "created": "2026-04-17T23:45:25.809726+00:00", "updated": "2026-04-17T23:45:25.809738+00:00", "vendors": []}