CVE-2026-23135 in Linuxinfo

Summary

by MITRE • 02/14/2026

In the Linux kernel, the following vulnerability has been resolved:

wifi: ath12k: fix dma_free_coherent() pointer

dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 03/18/2026

The vulnerability CVE-2026-23135 addresses a critical memory management issue within the Linux kernel's wireless networking subsystem, specifically affecting the ath12k driver used for Qualcomm-based Wi-Fi adapters. This flaw represents a classic case of improper memory address handling that can lead to system instability and potential security implications. The vulnerability stems from a fundamental mismatch in how DMA (Direct Memory Access) buffers are allocated and subsequently freed within the kernel's memory management framework. When the dma_alloc_coherent() function is invoked to allocate memory for wireless communication operations, it internally manages both aligned and unaligned memory addresses to ensure proper hardware access patterns. The driver stores these addresses in XXX_unaligned fields during allocation, which serves as a critical reference point for proper memory deallocation. However, the flaw occurs when the system attempts to free these buffers using dma_free_coherent(), which incorrectly references aligned addresses instead of the originally stored unaligned addresses. This misalignment in address management creates a scenario where the kernel's memory management subsystem attempts to free memory at incorrect memory locations, potentially causing memory corruption or system crashes.

The technical implications of this vulnerability extend beyond simple memory management errors and can result in serious operational consequences for systems utilizing affected wireless hardware. When the kernel attempts to free memory using incorrect addresses, it may overwrite adjacent memory regions, corrupt kernel data structures, or trigger page faults that lead to system panics. The flaw specifically impacts the ath12k driver's implementation of DMA memory management, which is critical for maintaining stable wireless connectivity and preventing data transmission errors. This type of memory corruption vulnerability can manifest as intermittent system crashes, wireless adapter malfunctions, or even more severe system instability that affects overall system reliability. The vulnerability is particularly concerning because it operates at the kernel level where memory management errors can have cascading effects on system stability and security. From a cybersecurity perspective, such memory corruption flaws can potentially be exploited by malicious actors to cause denial of service attacks or, in more sophisticated scenarios, to execute arbitrary code with kernel privileges. The issue aligns with CWE-122 (Heap-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) categories, representing improper handling of memory allocation and deallocation patterns within kernel space.

The operational impact of CVE-2026-23135 affects systems running Linux kernels with Qualcomm-based Wi-Fi adapters, particularly those implementing the ath12k driver for wireless communication. Affected systems may experience random crashes, wireless connectivity failures, or complete system instability when attempting to allocate and free DMA memory buffers during wireless operations. The vulnerability is especially problematic in environments where wireless connectivity is critical, such as enterprise networks, mobile devices, or embedded systems that rely on stable wireless communication. Network administrators and system maintainers should be aware that this flaw can manifest as intermittent issues that are difficult to reproduce and diagnose, making it particularly challenging to identify in production environments. The impact is not limited to simple service disruption but can potentially lead to complete system failures that require manual intervention for recovery. From an ATT&CK framework perspective, this vulnerability could be leveraged as part of a broader attack chain to achieve privilege escalation or denial of service conditions, as it operates within the kernel space where system-level access is available. The fix implemented by the kernel maintainers addresses the core issue by ensuring that the dma_free_coherent() function properly references the unaligned addresses that were originally stored during allocation, thereby maintaining proper memory management consistency throughout the DMA buffer lifecycle. This correction prevents the memory corruption that would otherwise occur when attempting to free memory at incorrect addresses, restoring proper system stability and wireless functionality.

Responsible

Linux

Reservation

01/13/2026

Disclosure

02/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00122

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!