Unrated severity · NVD Advisory · Published Feb 4, 2026 · Updated Apr 15, 2026

CVE-2026-23042

Description

In the Linux kernel, the following vulnerability has been resolved:

idpf: fix aux device unplugging when rdma is not supported by vport

If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, driver does not allocate vdev_info for this vport. This leads to kernel NULL pointer dereference in idpf_idc_vport_dev_down(), which references vdev_info for every vport regardless.

Check if vdev_info was ever allocated before unplugging aux device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Kernel NULL pointer dereference in idpf driver when RDMA is not enabled, fixed by checking vdev_info allocation before aux device unplug.

The vulnerability, identified in the Linux kernel's idpf driver, manifests as a NULL pointer dereference during the auxiliary device unplugging process. The root cause is a missing check for whether vdev_info was allocated for a given virtual port (vport). When a vport's flags do not include VIRTCHNL2_VPORT_ENABLE_RDMA, the driver skips allocating vdev_info for that port. However, the function idpf_idc_vport_dev_down() unconditionally dereferences vdev_info for every vport, leading to a crash when it accesses a NULL pointer [1].

An attacker with the ability to trigger vport unplug operations or influence vport flag configuration could exploit this flaw. The attack surface is local, requiring the ability to manipulate virtual port settings or initiate device removal sequences. No authentication is needed beyond access to the system's device management interfaces. The vulnerability is triggered without special privileges if the attacker can cause a vport without RDMA support to be torn down [1].

Successful exploitation results in a kernel crash (NULL pointer dereference), causing a denial of service (DoS) on the affected system. System availability is compromised, as the kernel panic forces a reboot. There is no indication of privilege escalation or data leakage in the available references [1].

The fix is implemented in the Linux kernel commit 4648fb2f2e7210c53b85220ee07d42d1e4bae3f9. The mitigation adds a check to verify that vdev_info was allocated before proceeding with the aux device unplug. Users are advised to apply the patch from the stable kernel tree to remediate the vulnerability [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
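
The missing check described above, modelled in userspace C as an added example (not the idpf driver's code and not the upstream patch). The `model_*` names and the flag value are assumptions made for illustration; only the NULL test before touching `vdev_info` corresponds to what the description states.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed flag value for this model; not the real VIRTCHNL2 constant. */
#define MODEL_VPORT_ENABLE_RDMA 0x1u

struct model_vdev_info { int plugged; };      /* hypothetical stand-in */
struct model_vport {
    unsigned int flags;
    struct model_vdev_info *vdev_info;        /* stays NULL when RDMA is off */
};

/* Init path: vdev_info is allocated only for RDMA-capable vports. */
static int model_vport_init(struct model_vport *vp, unsigned int flags)
{
    vp->flags = flags;
    vp->vdev_info = NULL;
    if (!(flags & MODEL_VPORT_ENABLE_RDMA))
        return 0;
    vp->vdev_info = calloc(1, sizeof(*vp->vdev_info));
    if (!vp->vdev_info)
        return -1;
    vp->vdev_info->plugged = 1;
    return 0;
}

/* Teardown over every vport. Without the NULL test, reading
 * vp->vdev_info->plugged faults on the first non-RDMA vport.
 * Returns the number of aux devices unplugged. */
static int model_vports_dev_down(struct model_vport *vports, size_t n)
{
    int unplugged = 0;
    for (size_t i = 0; i < n; i++) {
        struct model_vport *vp = &vports[i];
        if (!vp->vdev_info)               /* the check the fix adds */
            continue;
        unplugged += vp->vdev_info->plugged;
        free(vp->vdev_info);
        vp->vdev_info = NULL;             /* a second teardown is a no-op */
    }
    return unplugged;
}

int main(void)
{
    struct model_vport v[2];
    if (model_vport_init(&v[0], MODEL_VPORT_ENABLE_RDMA) || model_vport_init(&v[1], 0))
        return 1;
    return model_vports_dev_down(v, 2) == 1 ? 0 : 1;
}
```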

Affected products

  • Linux/Kernel (llm-fuzzy)
    Range: <6.13 (stable kernels affected)

References

2
