Linux Kernel, Memory Handling, CVE-2026-23135 (Medium)

The vulnerability arises from a flaw in how the Linux kernel's ath12k WiFi driver manages DMA (Direct Memory Access) buffers. When the function `dma_alloc_coherent()` is called to create a region of memory usable by both the CPU and a device, it stores the memory addresses in specific fields, often referred to as `XXX_unaligned`. The critical error occurs in the corresponding cleanup function, `dma_free_coherent()`. Instead of using the originally stored unaligned addresses to release the memory, the code incorrectly uses aligned addresses. This mismatch means the kernel attempts to free the wrong memory pointer, leading to the inability to properly release DMA mappings. This improper handling can corrupt kernel memory, create system instability, and potentially allow a local attacker to trigger a system crash (denial of service) or, in worse cases, execute arbitrary code with kernel privileges due to the memory corruption.
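A user-space model of the pointer mismatch described above, added here as an illustration; it is not code from the ath12k driver or from the original post. The `struct ring` fields, `mock_alloc()`/`mock_free()` and the 64-byte alignment are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RING_ALIGN 64 /* assumed alignment requirement (illustrative) */
#define ALIGN_UP(p) ((unsigned char *)(((uintptr_t)(p) + RING_ALIGN - 1) & ~(uintptr_t)(RING_ALIGN - 1)))

/* Hypothetical ring descriptor keeping both addresses, as the text describes. */
struct ring {
    unsigned char *base_unaligned; /* exactly what the allocator returned */
    unsigned char *base;           /* aligned address programmed into the device */
};

static unsigned char pool[4096];
static unsigned char *live; /* the one address the mock allocator handed out */

/* Mock allocator: 'skew' sets how far the returned address is from alignment. */
static unsigned char *mock_alloc(size_t skew)
{
    live = ALIGN_UP(pool) + skew;
    return live;
}

/* Mock free: as with the real API, only the address from alloc is valid. */
static int mock_free(unsigned char *cpu_addr)
{
    if (cpu_addr != live)
        return -1; /* allocator has no record of this address */
    live = NULL;
    return 0;
}

/* One alloc/free cycle. fixed=0 frees the aligned address (the bug pattern),
 * fixed=1 frees the address stored at allocation time (the corrected pattern). */
int cycle(size_t skew, int fixed)
{
    struct ring r;
    r.base_unaligned = mock_alloc(skew);
    r.base = ALIGN_UP(r.base_unaligned);
    return mock_free(fixed ? r.base_unaligned : r.base);
}

int main(void)
{
    printf("aligned alloc, buggy free:   %d\n", cycle(0, 0));
    printf("unaligned alloc, buggy free: %d\n", cycle(8, 0));
    printf("unaligned alloc, fixed free: %d\n", cycle(8, 1));
    return 0;
}
```

In this model the buggy path goes unnoticed whenever the allocator's address is already aligned, because both fields then hold the same value; the mismatch only surfaces when they differ.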

dailycve form:

Platform: Linux Kernel
Version: 6.3 to 6.19
Vulnerability: Improper DMA Pointer
Severity: Medium
Date: 02/14/2026

Prediction: Patched 02/18/2026

What Undercode Say:

Analytics:

  • The vulnerability is located in the `drivers/net/wireless/ath/ath12k/ce.c` file.
  • It was introduced in kernel version 6.3 by commit `d889913205cf7ebda905b1e62c5867ed4e39f6c2`.
  • Fixes were backported to stable kernels, including 6.6.122, 6.12.68, and 6.18.8.
  • The vulnerability has a CVSS v3 base score of 5.5, with a vector of AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a local attack with high availability impact.
  • SUSE rates this as moderate severity with a CVSS v3 score of 4.7, noting a local attack vector with high complexity and high privileges required.

Bash Commands & Codes:

```bash
# Check your current kernel version
uname -r

# Check if your distribution has the patch for CVE-2026-23135
# On Debian/Ubuntu:
apt changelog "linux-image-$(uname -r)" | grep -i CVE-2026-23135
# On Red Hat/CentOS/Fedora:
rpm -q --changelog kernel | grep -i CVE-2026-23135

# To update the kernel on Ubuntu/Debian:
sudo apt update
sudo apt upgrade "linux-image-$(uname -r)"

# To update the kernel on RHEL/CentOS/Fedora:
sudo yum update kernel
# or
sudo dnf update kernel

# Reboot the system to apply the new kernel
sudo reboot

# After reboot, verify the kernel version and that the system is no longer vulnerable
# (Check the changelog or security notices from your distro)
```

How Exploit:

  1. Access: An attacker must have local access to the system and be able to load or interact with the `ath12k` kernel module, which is used for Qualcomm 802.11ax WiFi chipsets.
  2. Trigger: The exploit would involve initiating a sequence of driver operations that cause the DMA buffer allocation and deallocation processes to occur.
  3. Malfunction: By forcing the driver to free the buffer, the `dma_free_coherent()` function is called with the wrong (aligned) pointer instead of the correct (unaligned) one stored during allocation.
  4. Outcome: This triggers a kernel memory management error, leading to memory corruption. This can be exploited to cause a kernel panic (denial of service) or, with precise memory manipulation, potentially overwrite kernel structures to escalate privileges or execute arbitrary code.

Protection from this CVE:

  • Apply Patches: The primary and most effective protection is to update the Linux kernel to a version that includes the fix.
  • Fixed Versions: Update to kernel versions 6.6.122, 6.12.68, 6.18.8, or any later version that has incorporated the commits `36e0bc5e8b28`, `24585a13c41e`, `4846b32be324`, or `bb97131fbf9b`.
  • Distribution Updates: Install the latest security updates provided by your Linux distribution, as they will backport the fix to their supported kernel versions.
  • Mitigation: If an immediate update is not possible, and if the system does not use the affected ath12k WiFi hardware, ensure the `ath12k` kernel module is blacklisted to prevent it from being loaded. However, this is not a full system fix and will disable the WiFi hardware.

Impact:

  • Availability: A successful exploit can lead to a system crash or kernel panic, resulting in a denial of service.
  • Integrity: Memory corruption can potentially allow an attacker to alter kernel memory, which might lead to the modification of system-critical data.
  • Confidentiality: While the primary impact is on availability, memory corruption in the kernel can sometimes be leveraged to leak sensitive information from kernel memory.
  • System Compromise: In a worst-case scenario, an attacker could leverage this memory corruption to execute arbitrary code with kernel privileges, leading to full system compromise.

Sources:

Reported By: nvd.nist.gov