Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

017 - Ir a la línea de ayuda en Ciberseguridad    Ir a Agenda     Ir a Sala de prensa     Ir a suscripción de boletines

Ir al buscador

CVE-2026-23017

Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
31/01/2026
Última modificación:
31/01/2026

Descripción

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> idpf: fix error handling in the init_task on load<br /> <br /> If the init_task fails during a driver load, we end up without vports and<br /> netdevs, effectively failing the entire process. In that state a<br /> subsequent reset will result in a crash as the service task attempts to<br /> access uninitialized resources. Following trace is from an error in the<br /> init_task where the CREATE_VPORT (op 501) is rejected by the FW:<br /> <br /> [40922.763136] idpf 0000:83:00.0: Device HW Reset initiated<br /> [40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)<br /> [40958.148190] idpf 0000:83:00.0: HW reset detected<br /> [40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8<br /> ...<br /> [40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf]<br /> [40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf]<br /> ...<br /> [40958.177932] Call Trace:<br /> [40958.178491] <br /> [40958.179040] process_one_work+0x226/0x6d0<br /> [40958.179609] worker_thread+0x19e/0x340<br /> [40958.180158] ? __pfx_worker_thread+0x10/0x10<br /> [40958.180702] kthread+0x10f/0x250<br /> [40958.181238] ? __pfx_kthread+0x10/0x10<br /> [40958.181774] ret_from_fork+0x251/0x2b0<br /> [40958.182307] ? __pfx_kthread+0x10/0x10<br /> [40958.182834] ret_from_fork_asm+0x1a/0x30<br /> [40958.183370] <br /> <br /> Fix the error handling in the init_task to make sure the service and<br /> mailbox tasks are disabled if the error happens during load. These are<br /> started in idpf_vc_core_init(), which spawns the init_task and has no way<br /> of knowing if it failed. If the error happens on reset, following<br /> successful driver load, the tasks can still run, as that will allow the<br /> netdevs to attempt recovery through another reset. Stop the PTP callbacks<br /> either way as those will be restarted by the call to idpf_vc_core_init()<br /> during a successful reset.

Impacto

Referencias a soluciones, herramientas e información