Listen to this Post
In the Linux kernel, a vulnerability exists in the ath10k WiFi driver’s handling of DMA (Direct Memory Access) memory. The function `dma_alloc_coherent()` is used to allocate a buffer that is accessible by both the CPU and a device. This function returns the address of the buffer. In the ath10k driver, these original addresses are stored in structure fields named with an `_unaligned` suffix. For operational use, the driver may work with aligned versions of these addresses. The vulnerability, CVE-2026-23133, occurs because the driver incorrectly passes the aligned address, rather than the original `_unaligned` address stored during allocation, to the corresponding `dma_free_coherent()` function when it is time to release the memory. Freeing a pointer that was not the one returned by the allocation function confuses the memory management subsystem, leading to kernel memory corruption, system instability, or a crash. This flaw is present because the pointer used for deallocation does not match the pointer from the allocation .
dailycve form:
Platform: Linux Kernel
Version: 4.16 to 6.18.8
Vulnerability : DMA pointer mismatch
Severity: Medium (CVSS 5.5)
date: 2026-02-14
Prediction: Patches already available
What Undercode Say:
Analytics
CVE-2026-23133 is a memory management flaw in the ath10k WiFi driver affecting the Linux kernel. Introduced in version 4.16, the vulnerability can lead to system crashes due to incorrect DMA buffer deallocation . It is considered a medium-severity issue with a CVSS score of 5.5, requiring local access to trigger . Major Linux distributions like Ubuntu and SUSE have marked various versions of their kernels as vulnerable, necessitating updates .
Exploit:
The vulnerability is not trivially exploitable for code execution but causes a denial of service.
This flaw is triggered during normal operation of the ath10k driver when it frees DMA buffers. An attacker with local access would need to trigger specific wireless operations to cause the memory corruption. Example of the type of kernel log error (dmesg) that might be observed: [ 1060.550132] [ cut here ] [ 1060.550145] WARNING: CPU: 1 PID: 231 at drivers/net/wireless/ath/ath10k/ce.c:XXX ath10k_ce_free_pipe+0xYYY/0xZZZ [bash] [ 1060.550153] Modules linked in: ... [ 1060.550201] Call Trace: [ 1060.550208] <TASK> [ 1060.550214] ? show_trace_log_lvl+0x1d6/0x2f0 [ 1060.550230] ? __warn+0x89/0x150 [ 1060.550240] ? ath10k_ce_free_pipe+0xYYY/0xZZZ [bash] [ 1060.550260] ... (stack trace showing invalid free) [ 1060.550310] [ end trace 1234567890abcdef ]
Protection from this CVE
1. Update the Linux kernel to a patched version. For example, on Debian/Ubuntu: sudo apt update && sudo apt upgrade linux-image-generic On RHEL/CentOS: sudo yum update kernel 2. If an immediate update is not possible, temporarily unload the vulnerable driver: sudo modprobe -r ath10k_pci && sudo modprobe -r ath10k_core 3. Blacklist the driver to prevent it from loading on boot as a temporary workaround: echo "blacklist ath10k_pci" | sudo tee /etc/modprobe.d/blacklist-ath10k.conf 4. Reboot the system to apply the changes: sudo reboot 5. After reboot, verify the kernel version is updated: uname -r
Impact
The primary impact of CVE-2026-23133 is on system availability. By triggering the DMA pointer mismatch, an attacker with local access can cause a kernel panic or system crash, leading to a denial of service. Systems using Qualcomm Atheros 802.11ac wireless chipsets that rely on the ath10k driver are susceptible . While there is no evidence of remote code execution, the memory corruption undermines system stability and can be leveraged in a multi-step local attack to potentially escalate privileges or cause further damage .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

