CVE-2026-23040

The vulnerability is a typo in the mac80211_hwsim driver, a software simulator for wireless hardware used in Linux kernel testing. The NAN (Neighbor Awareness Networking) notification incorrectly specifies 5475 MHz instead of the correct 5745 MHz, which corresponds to channel 149. Since 5475 MHz is not a valid channel, this leads to a NULL pointer dereference in the function cfg80211_next_nan_dw_notif [1].

To exploit this, an attacker would need to trigger the NAN notification path, which typically requires local access or the ability to interact with the simulated wireless interface. The typo causes the kernel to attempt a channel lookup that fails, resulting in a NULL pointer dereference. No authentication is needed beyond local system access.

The impact is a kernel crash (denial of service) due to the NULL pointer dereference. While the description does not indicate privilege escalation, such bugs can sometimes be leveraged for further exploitation under specific conditions.

The fix is included in a Linux kernel stable commit [1]. Users should apply the patch or update to a kernel version containing the correction. No workaround is mentioned, so updating is the recommended mitigation.