{"id":76056,"date":"2026-01-31T15:46:06","date_gmt":"2026-01-31T12:16:06","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-23035-net-mlx5e-pass-netdev-to-mlx5e_destroy_netdev-instead-of-priv\/"},"modified":"2026-01-31T15:46:06","modified_gmt":"2026-01-31T12:16:06","slug":"cve-2026-23035-net-mlx5e-pass-netdev-to-mlx5e_destroy_netdev-instead-of-priv","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-23035-net-mlx5e-pass-netdev-to-mlx5e_destroy_netdev-instead-of-priv\/","title":{"rendered":"CVE-2026-23035 &#8211; net\/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv"},"content":{"rendered":"<p>CVE ID : CVE-2026-23035<\/p>\n<p>Published :  Jan. 31, 2026, 12:16 p.m. | 57\u00a0minutes ago<\/p>\n<p>Description : In the Linux kernel, the following vulnerability has been resolved:<\/p>\n<p>net\/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv<\/p>\n<p>mlx5e_priv is an unstable structure that can be memset(0) if profile<br \/>\nattaching fails.<\/p>\n<p>Pass netdev to mlx5e_destroy_netdev() to guarantee it will work on a<br \/>\nvalid netdev.<\/p>\n<p>On mlx5e_remove: Check validity of priv-&gt;profile, before attempting<br \/>\nto cleanup any resources that might be not there.<\/p>\n<p>This fixes a kernel oops in mlx5e_remove when switchdev mode fails due<br \/>\nto change profile failure.<\/p>\n<p>$ devlink dev eswitch set pci\/0000:00:03.0 mode switchdev<br \/>\nError: mlx5_core: Failed setting eswitch to offloads.<br \/>\ndmesg:<br \/>\nworkqueue: Failed to create a rescuer kthread for wq &#8220;mlx5e&#8221;: -EINTR<br \/>\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12<br \/>\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12<br \/>\nworkqueue: Failed to create a rescuer kthread for wq &#8220;mlx5e&#8221;: -EINTR<br \/>\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12<br \/>\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12<\/p>\n<p>$ devlink dev reload pci\/0000:00:03.0 ==&gt; oops<\/p>\n<p>BUG: kernel NULL pointer dereference, address: 0000000000000370<br \/>\nPGD 0 P4D 0<br \/>\nOops: Oops: 0000 [#1] SMP NOPTI<br \/>\nCPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary)<br \/>\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04\/01\/2014<br \/>\nRIP: 0010:mlx5e_dcbnl_dscp_app+0x23\/0x100<br \/>\nRSP: 0018:ffffc9000083f8b8 EFLAGS: 00010286<br \/>\nRAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffffff826ffc45<br \/>\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c0<br \/>\nRBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10<br \/>\nR10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0<br \/>\nR13: ffff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400<br \/>\nFS:  00007f789a3c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000<br \/>\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br \/>\nCR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0000000000370ef0<br \/>\nCall Trace:<\/p>\n<p> mlx5e_remove+0x57\/0x110<br \/>\n device_release_driver_internal+0x19c\/0x200<br \/>\n bus_remove_device+0xc6\/0x130<br \/>\n device_del+0x160\/0x3d0<br \/>\n ? devl_param_driverinit_value_get+0x2d\/0x90<br \/>\n mlx5_detach_device+0x89\/0xe0<br \/>\n mlx5_unload_one_devl_locked+0x3a\/0x70<br \/>\n mlx5_devlink_reload_down+0xc8\/0x220<br \/>\n devlink_reload+0x7d\/0x260<br \/>\n devlink_nl_reload_doit+0x45b\/0x5a0<br \/>\n genl_family_rcv_msg_doit+0xe8\/0x140<\/p>\n<p>Severity: 0.0 | NA<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2026-23035 Published : Jan. 31, 2026, 12:16 p.m. | 57\u00a0minutes ago Description : In the Linux kernel, the following vulnerability has been resolved: net\/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-76056","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=76056"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/76056\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=76056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=76056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=76056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}