Home

Description

In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is brought offline and then online, mpam_restore_mbwu_state() calls __ris_msmon_read() via ipi to restore the configuration of the bandwidth counters. It doesn't care about the value read, mbwu_arg.val, and doesn't set it leading to a null pointer dereference when __ris_msmon_read() adds to it. This results in a kernel oops with a call trace such as: Call trace: __ris_msmon_read+0x19c/0x64c (P) mpam_restore_mbwu_state+0xa0/0xe8 smp_call_on_cpu_callback+0x1c/0x38 process_one_work+0x154/0x4b4 worker_thread+0x188/0x310 kthread+0x11c/0x130 ret_from_fork+0x10/0x20 Provide a local variable for val to avoid __ris_msmon_read() dereferencing a null pointer when adding to val.

PUBLISHED Reserved 2026-01-13 | Published 2026-04-03 | Updated 2026-05-11 | Assigner Linux

Product status

Default status
unaffected

41e8a14950e1732af51cfec8fa09f8ded02a5ca9 (git) before ac3e12bc195786d3d44d730b5b2259fd36191848
affected

41e8a14950e1732af51cfec8fa09f8ded02a5ca9 (git) before 4ad79c874e53ebb7fe3b8ae7ac6c858a2121f415
affected

Default status
affected

6.19
affected

Any version before 6.19
unaffected

6.19.10 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/ac3e12bc195786d3d44d730b5b2259fd36191848

git.kernel.org/...c/4ad79c874e53ebb7fe3b8ae7ac6c858a2121f415

cve.org (CVE-2026-23433)

nvd.nist.gov (CVE-2026-23433)

Download JSON