CVE-2026-23183 in Linux
Summary
by MITRE • 02/14/2026
In the Linux kernel, the following vulnerability has been resolved:
cgroup/dmem: fix NULL pointer dereference when setting max
An issue was triggered:
BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP NOPTI
CPU: 15 UID: 0 PID: 658 Comm: bash Tainted: 6.19.0-rc6-next-2026012 Tainted: [O]=OOT_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), RIP: 0010:strcmp+0x10/0x30 RSP: 0018:ffffc900017f7dc0 EFLAGS: 00000246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff888107cd4358 RDX: 0000000019f73907 RSI: ffffffff82cc381a RDI: 0000000000000000 RBP: ffff8881016bef0d R08: 000000006c0e7145 R09: 0000000056c0e714 R10: 0000000000000001 R11: ffff888107cd4358 R12: 0007ffffffffffff R13: ffff888101399200 R14: ffff888100fcb360 R15: 0007ffffffffffff CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000105c79000 CR4: 00000000000006f0 Call Trace: <TASK> dmemcg_limit_write.constprop.0+0x16d/0x390 ? __pfx_set_resource_max+0x10/0x10 kernfs_fop_write_iter+0x14e/0x200 vfs_write+0x367/0x510 ksys_write+0x66/0xe0 do_syscall_64+0x6b/0x390 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f42697e1887
It was trriggered setting max without limitation, the command is like: "echo test/region0 > dmem.max". To fix this issue, add check whether options is valid after parsing the region_name.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 05/05/2026
The vulnerability CVE-2026-23183 represents a critical NULL pointer dereference flaw within the Linux kernel's control group memory management subsystem, specifically affecting the dmem (dynamic memory) functionality. This issue manifests when attempting to set memory limits through the cgroup interface, particularly when writing to the dmem.max file without proper parameter validation. The kernel's handling of memory limit configuration creates a scenario where a NULL pointer is accessed during the parsing of region names, leading to an immediate system crash and potential denial of service condition.
The technical root cause of this vulnerability lies in the insufficient validation of input parameters within the dmemcg_limit_write function, which is responsible for processing memory limit settings in the cgroup subsystem. When a user attempts to write to the dmem.max file with malformed or incomplete input such as "echo test/region0 > dmem.max", the kernel fails to properly validate whether the parsed region_name options structure contains valid data before attempting to dereference it. This flaw directly maps to CWE-476 which identifies NULL pointer dereference as a common vulnerability pattern where programs attempt to access memory through a pointer that has not been properly initialized or validated. The crash occurs during a strcmp operation where the kernel attempts to compare strings against a NULL pointer, resulting in the kernel NULL pointer dereference panic that terminates system operations.
The operational impact of this vulnerability extends beyond simple system crashes to potentially enable privilege escalation or denial of service attacks in environments where unprivileged users can manipulate cgroup memory limits. The vulnerability affects systems running Linux kernel versions that include the affected cgroup memory management code, making it relevant to containerized environments, virtualization platforms, and any system utilizing control groups for resource management. Attackers could exploit this by crafting malicious input to trigger the NULL pointer dereference, causing system instability and potentially allowing for privilege escalation if the memory corruption affects kernel data structures. The issue particularly impacts systems using the dmem functionality within cgroup management where memory limits are dynamically configured, creating a vector for both system-level disruption and potential security compromise.
Mitigation strategies for CVE-2026-23183 should focus on implementing proper input validation and parameter checking within the kernel's cgroup memory management subsystem. The fix requires adding validation checks after parsing the region_name to ensure that the options structure is properly initialized before any dereference operations occur. System administrators should prioritize applying the kernel patches that address this specific NULL pointer dereference issue, which typically involve adding conditional checks to verify that parsed parameters contain valid data before proceeding with memory operations. Organizations should also consider implementing monitoring for suspicious cgroup memory limit modifications and establishing access controls to restrict which users can modify dmem settings. Additionally, this vulnerability highlights the importance of comprehensive input validation in kernel space operations and aligns with ATT&CK technique T1068 which covers privilege escalation through kernel vulnerabilities. The fix implemented in the kernel resolves the immediate issue by ensuring that all parsed region_name parameters are validated before being used in subsequent memory operations, thereby preventing the NULL pointer dereference that leads to system crashes.