{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T09:35:34.247","vulnerabilities":[{"cve":{"id":"CVE-2026-23017","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-01-31T12:16:05.000","lastModified":"2026-03-25T18:03:35.820","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix error handling in the init_task on load\n\nIf the init_task fails during a driver load, we end up without vports and\nnetdevs, effectively failing the entire process. In that state a\nsubsequent reset will result in a crash as the service task attempts to\naccess uninitialized resources. Following trace is from an error in the\ninit_task where the CREATE_VPORT (op 501) is rejected by the FW:\n\n[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated\n[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)\n[40958.148190] idpf 0000:83:00.0: HW reset detected\n[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8\n...\n[40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf]\n[40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf]\n...\n[40958.177932] Call Trace:\n[40958.178491]  <TASK>\n[40958.179040]  process_one_work+0x226/0x6d0\n[40958.179609]  worker_thread+0x19e/0x340\n[40958.180158]  ? __pfx_worker_thread+0x10/0x10\n[40958.180702]  kthread+0x10f/0x250\n[40958.181238]  ? __pfx_kthread+0x10/0x10\n[40958.181774]  ret_from_fork+0x251/0x2b0\n[40958.182307]  ? __pfx_kthread+0x10/0x10\n[40958.182834]  ret_from_fork_asm+0x1a/0x30\n[40958.183370]  </TASK>\n\nFix the error handling in the init_task to make sure the service and\nmailbox tasks are disabled if the error happens during load. These are\nstarted in idpf_vc_core_init(), which spawns the init_task and has no way\nof knowing if it failed. If the error happens on reset, following\nsuccessful driver load, the tasks can still run, as that will allow the\nnetdevs to attempt recovery through another reset. Stop the PTP callbacks\neither way as those will be restarted by the call to idpf_vc_core_init()\nduring a successful reset."},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nidpf: corrige el manejo de errores en la init_task durante la carga\n\nSi la init_task falla durante la carga de un controlador, terminamos sin vports y netdevs, lo que provoca el fallo de todo el proceso. En ese estado, un reinicio posterior resultará en un fallo ya que la tarea de servicio intenta acceder a recursos no inicializados. La siguiente traza es de un error en la init_task donde el CREATE_VPORT (op 501) es rechazado por el FW:\n\n[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated\n[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)\n[40958.148190] idpf 0000:83:00.0: HW reset detected\n[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8\n...\n[40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf]\n[40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf]\n...\n[40958.177932] Call Trace:\n[40958.178491]  \n[40958.179040]  process_one_work+0x226/0x6d0\n[40958.179609]  worker_thread+0x19e/0x340\n[40958.180158]  ? __pfx_worker_thread+0x10/0x10\n[40958.180702]  kthread+0x10f/0x250\n[40958.181238]  ? __pfx_kthread+0x10/0x10\n[40958.181774]  ret_from_fork+0x251/0x2b0\n[40958.182307]  ? __pfx_kthread+0x10/0x10\n[40958.182834]  ret_from_fork_asm+0x1a/0x30\n[40958.183370]  \n\nCorrige el manejo de errores en la init_task para asegurar que las tareas de servicio y de buzón estén deshabilitadas si el error ocurre durante la carga. Estas se inician en idpf_vc_core_init(), que genera la init_task y no tiene forma de saber si falló. Si el error ocurre en el reinicio, después de una carga exitosa del controlador, las tareas aún pueden ejecutarse, ya que eso permitirá a los netdevs intentar la recuperación a través de otro reinicio. Detén las devoluciones de llamada de PTP de cualquier manera, ya que estas se reiniciarán con la llamada a idpf_vc_core_init() durante un reinicio exitoso."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7.1","versionEndExcluding":"6.18.6","matchCriteriaId":"9B2950B8-6A42-43B4-85D8-25F244158168"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*","matchCriteriaId":"62B55B1B-7D3E-499B-9C42-E9F1EF05A54A"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc7:*:*:*:*:*:*","matchCriteriaId":"F5DC0CA6-F0AF-4DDF-A882-3DADB9A886A7"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc8:*:*:*:*:*:*","matchCriteriaId":"EB5B7DFC-C36B-45D8-922C-877569FDDF43"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4d792219fe6f891b5b557a607ac8a0a14eda6e38","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/a514c374edcd33581cdcccf8faa7cc606a600319","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}