{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23133", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.971Z", "datePublished": "2026-02-14T15:14:33.102Z", "dateUpdated": "2026-05-11T22:00:46.504Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:00:46.504Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: fix dma_free_coherent() pointer\n\ndma_alloc_coherent() allocates a DMA mapped buffer and stores the\naddresses in XXX_unaligned fields. Those should be reused when freeing\nthe buffer rather than the aligned addresses."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath10k/ce.c"], "versions": [{"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "e2dda298ef809aa201ea7c0904c4d064f6c497cb", "status": "affected", "versionType": "git"}, {"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "fc8da65f9fe1bc6802f8240b342cfff4f5c7e841", "status": "affected", "versionType": "git"}, {"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "b0ad924332a96550a84b8c0ae5483e7042d65fa9", "status": "affected", "versionType": "git"}, {"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "1928851334ecfd6e0d663121ab69ac639d4217a6", "status": "affected", "versionType": "git"}, {"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "5d6fa4d2c9799c09389588da5118a72d97d87e92", "status": "affected", "versionType": "git"}, {"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "07f363f305793baecad41816f73056252f3df61e", "status": "affected", "versionType": "git"}, {"version": "2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1", "lessThan": "9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath10k/ce.c"], "versions": [{"version": "4.16", "status": "affected"}, {"version": "0", "lessThan": "4.16", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.16", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/e2dda298ef809aa201ea7c0904c4d064f6c497cb"}, {"url": "https://git.kernel.org/stable/c/fc8da65f9fe1bc6802f8240b342cfff4f5c7e841"}, {"url": "https://git.kernel.org/stable/c/b0ad924332a96550a84b8c0ae5483e7042d65fa9"}, {"url": "https://git.kernel.org/stable/c/1928851334ecfd6e0d663121ab69ac639d4217a6"}, {"url": "https://git.kernel.org/stable/c/5d6fa4d2c9799c09389588da5118a72d97d87e92"}, {"url": "https://git.kernel.org/stable/c/07f363f305793baecad41816f73056252f3df61e"}, {"url": "https://git.kernel.org/stable/c/9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f"}], "title": "wifi: ath10k: fix dma_free_coherent() pointer", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7890100-2475-49B0-BE7F-02AA4C41DFA7", "versionEndExcluding": "5.10.249", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: fix dma_free_coherent() pointer\n\ndma_alloc_coherent() allocates a DMA mapped buffer and stores the\naddresses in XXX_unaligned fields. Those should be reused when freeing\nthe buffer rather than the aligned addresses."}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nwifi: ath10k: correcci\u00f3n del puntero dma_free_coherent()\n\ndma_alloc_coherent() asigna un b\u00fafer mapeado por DMA y almacena las direcciones en campos XXX_unaligned. Esas deber\u00edan ser reutilizadas al liberar el b\u00fafer en lugar de las direcciones alineadas."}], "id": "CVE-2026-23133", "lastModified": "2026-03-17T21:16:34.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T16:15:53.270", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/07f363f305793baecad41816f73056252f3df61e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1928851334ecfd6e0d663121ab69ac639d4217a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5d6fa4d2c9799c09389588da5118a72d97d87e92"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b0ad924332a96550a84b8c0ae5483e7042d65fa9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/e2dda298ef809aa201ea7c0904c4d064f6c497cb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/fc8da65f9fe1bc6802f8240b342cfff4f5c7e841"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: wifi: ath10k: fix dma_free_coherent() pointer", "id": "2439846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439846"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["No description is available for this CVE."], "name": "CVE-2026-23133", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23133\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23133\nhttps://lore.kernel.org/linux-cve-announce/2026021437-CVE-2026-23133-19ce@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,e2dda298ef809aa201ea7c0904c4d064f6c497cb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,fc8da65f9fe1bc6802f8240b342cfff4f5c7e841)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,b0ad924332a96550a84b8c0ae5483e7042d65fa9)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,1928851334ecfd6e0d663121ab69ac639d4217a6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,5d6fa4d2c9799c09389588da5118a72d97d87e92)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,07f363f305793baecad41816f73056252f3df61e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[2a1e1ad3fd37a632b61f50e73dafddb4b0fa57f1,9282a1e171ad8d2205067e8ec3bbe4e3cef4f29f)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.16"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.16)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.249,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.199,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.162,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.122,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.68,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.8,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-18T19:41:08.246679+00:00", "value": {"mitigation_remediation": ["Upgrade to a Linux kernel version that includes the commit fixing the dma_free_coherent pointer mismatch", "If a suitable kernel update is not available, apply the upstream patch to the ath10k driver source and rebuild the kernel", "Reboot the system after installing the patch and monitor kernel logs for signs of memory corruption or unexpected behavior"], "summary": {"action": "Apply Patch", "impact": "Kernel memory corruption"}, "threat_synthesis": {"affected_systems": "All Linux kernel builds that include the ath10k driver and have not yet incorporated the fix commit are affected. This includes the generic Linux kernel and the 6.19 release\u2011candidate series from rc1 through rc6 as identified by the CPE strings. Users running any of these kernel versions without the patch are vulnerable.", "description_and_impact": "A flaw in the ath10k wireless driver for the Linux kernel causes the DMA buffer freeing routine to use the wrong pointer. The allocation routine saves both aligned and unaligned addresses; the free routine should reuse the unaligned pointer but currently uses the aligned one. This mismatch can corrupt kernel memory, potentially allowing an attacker to alter kernel data structures. The official CVE text only states the risk of memory corruption; specific downstream effects such as privilege escalation are inferred but not explicitly documented in the input.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate likelihood of exploitation. The EPSS score of less than 1% suggests that the probability of an exploit being observed is very low. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require an attacker able to trigger a DMA operation in the ath10k driver, which could be achieved via crafted network traffic or malformed wireless packets, implying a local or remote network\u2011based attack vector. These details are inferred from the description rather than explicitly stated in the source."}}}}, "created": "2026-02-16T12:01:34.199569+00:00", "updated": "2026-04-18T19:45:08.973925+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-762"]}