Bug 2436816 (CVE-2026-23084)

Summary:	CVE-2026-23084 kernel: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	Keywords:	Security
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	---
Doc Text:	A NULL pointer dereference vulnerability was found in the Linux kernel's be2net driver for Emulex BladeEngine network adapters. The be_cmd_get_mac_from_list() function is called with pmac_id_valid set to false and pmac_id set to NULL, violating the function's contract. When the function attempts to store the PMAC_ID retrieved from firmware at the NULL address, a kernel crash occurs.	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-02-04 17:04:47 UTC

In the Linux kernel, the following vulnerability has been resolved:

be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list

When the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is
set to false, the driver may request the PMAC_ID from the firmware of the
network card, and this function will store that PMAC_ID at the provided
address pmac_id. This is the contract of this function.

However, there is a location within the driver where both
pmac_id_valid == false and pmac_id == NULL are being passed. This could
result in dereferencing a NULL pointer.

To resolve this issue, it is necessary to pass the address of a stub
variable to the function.

Comment 1 Jon Moroney 2026-02-04 20:16:47 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23084-8073@gregkh/T