{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23070","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.955Z","datePublished":"2026-02-04T16:07:50.675Z","dateUpdated":"2026-05-11T21:59:25.131Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:59:25.131Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nOcteontx2-af: Add proper checks for fwdata\n\nfirmware populates MAC address, link modes (supported, advertised)\nand EEPROM data in shared firmware structure which kernel access\nvia MAC block(CGX/RPM).\n\nAccessing fwdata, on boards booted with out MAC block leading to\nkernel panics.\n\nInternal error: Oops: 0000000096000005 [#1]  SMP\n[   10.460721] Modules linked in:\n[   10.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g76ec646abdf7-dirty #3 PREEMPT\n[   10.474045] Hardware name: Marvell OcteonTX CN98XX board (DT)\n[   10.479793] Workqueue: events work_for_cpu_fn\n[   10.484159] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   10.491124] pc : rvu_sdp_init+0x18/0x114\n[   10.495051] lr : rvu_probe+0xe58/0x1d18"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c","drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c"],"versions":[{"version":"997814491cee7b19c162ad82439818e555f99ad9","lessThan":"079050a23de6b7505595e4af75b36c34f0e9627e","status":"affected","versionType":"git"},{"version":"997814491cee7b19c162ad82439818e555f99ad9","lessThan":"e343973fab43c266a40e4e0dabdc4216db6d5eff","status":"affected","versionType":"git"},{"version":"997814491cee7b19c162ad82439818e555f99ad9","lessThan":"4a3dba48188208e4f66822800e042686784d29d1","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c","drivers/net/ethernet/marvell/octeontx2/af/rvu_sdp.c"],"versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","status":"unaffected","versionType":"semver"},{"version":"6.12.78","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.8","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.12.78"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.18.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/079050a23de6b7505595e4af75b36c34f0e9627e"},{"url":"https://git.kernel.org/stable/c/e343973fab43c266a40e4e0dabdc4216db6d5eff"},{"url":"https://git.kernel.org/stable/c/4a3dba48188208e4f66822800e042686784d29d1"}],"title":"Octeontx2-af: Add proper checks for fwdata","x_generator":{"engine":"bippy-1.2.0"}}}}