{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Octeontx2-af: Add proper checks for fwdata",
    "id" : "2436763",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2436763"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nOcteontx2-af: Add proper checks for fwdata\nfirmware populates MAC address, link modes (supported, advertised)\nand EEPROM data in a shared firmware structure which the kernel accesses\nvia the MAC block (CGX/RPM).\nAccessing fwdata on boards booted without a MAC block leads to\nkernel panics.\nInternal error: Oops: 0000000096000005 [#1]  SMP\n[   10.460721] Modules linked in:\n[   10.463779] CPU: 0 UID: 0 PID: 174 Comm: kworker/0:3 Not tainted 6.19.0-rc5-00154-g76ec646abdf7-dirty #3 PREEMPT\n[   10.474045] Hardware name: Marvell OcteonTX CN98XX board (DT)\n[   10.479793] Workqueue: events work_for_cpu_fn\n[   10.484159] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[   10.491124] pc : rvu_sdp_init+0x18/0x114\n[   10.495051] lr : rvu_probe+0xe58/0x1d18" ],
  "statement" : "A kernel crash can occur in the OcteonTX2 AF driver on boards that boot without the MAC block because the driver may access the firmware shared data through rvu->fwdata without verifying that it is mapped. In that configuration rvu_sdp_init dereferences rvu->fwdata unconditionally when checking channel_data.valid, which triggers a NULL pointer dereference and panics the kernel during initialization, or later during mailbox-based operations such as link mode handling that read the same structure. For the CVSS the PR is typically H because triggering the affected paths usually requires administrative control over the device environment and operations such as driver probing or privileged net device configuration. The issue is not network reachable and is specific to certain hardware and firmware configurations. The impact is denial of service through a kernel panic.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-23070\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23070\nhttps://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23070-2fcd@gregkh/T" ],
  "name" : "CVE-2026-23070",
  "csaw" : false
}
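The statement above describes the bug as an unconditional dereference of rvu->fwdata in a probe-time path and in later mailbox handlers. The following C program is an added example, written for this page and not taken from the octeontx2-af driver or the upstream fix: it models the vulnerable shape beside the hardened shape using constructed, simplified stand-ins (struct rvu, struct rvu_fwdata, channel_data.valid, a pf[] array, a link-mode query) whose names and layout are assumptions chosen to mirror the advisory, not the real kernel structures. It runs stand-alone in user space; the unchecked function is only ever called with a mapped fwdata, because calling it with NULL is precisely the Oops in the advisory.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified stand-ins for the driver's structures. The names
 * and layout are assumptions for illustration, not the real octeontx2-af
 * definitions. */
struct sdp_chan_info {
	uint16_t pf_srn;        /* constructed: starting channel number */
	uint16_t num_pf_rings;  /* constructed: ring count for the PF */
};

struct rvu_fwdata {
	struct {
		uint8_t valid;              /* set by firmware when populated */
		struct sdp_chan_info info;
	} channel_data;
	uint64_t supported_link_modes;  /* firmware-populated capability bits */
};

struct rvu_pfvf {
	struct sdp_chan_info *sdp_info;
};

struct rvu {
	struct rvu_fwdata *fwdata;  /* NULL when no MAC block mapped the area */
	struct rvu_pfvf pf[1];
};

/* Vulnerable shape: dereferences rvu->fwdata unconditionally. With
 * fwdata == NULL this is the NULL pointer dereference from the advisory;
 * this example never calls it in that state. */
static int sdp_init_unchecked(struct rvu *rvu)
{
	if (rvu->fwdata->channel_data.valid)
		rvu->pf[0].sdp_info = &rvu->fwdata->channel_data.info;
	return 0;
}

/* Hardened shape: an unmapped fwdata means "no firmware data", not an
 * error, so probe continues on boards that boot without a MAC block. */
static int sdp_init_checked(struct rvu *rvu)
{
	if (!rvu->fwdata)
		return 0;
	if (rvu->fwdata->channel_data.valid)
		rvu->pf[0].sdp_info = &rvu->fwdata->channel_data.info;
	return 0;
}

/* The same guard in a later, mailbox-style request (constructed): a caller
 * that needs firmware data when none is mapped gets -ENODEV back instead of
 * crashing the kernel. */
static int get_supported_link_modes(struct rvu *rvu, uint64_t *modes)
{
	if (!rvu->fwdata)
		return -ENODEV;
	*modes = rvu->fwdata->supported_link_modes;
	return 0;
}

/* Scenario builder: with_fwdata == 0 models a board without a MAC block. */
static struct rvu_fwdata g_fw;

static struct rvu *make_rvu(int with_fwdata, int valid)
{
	static struct rvu r;
	memset(&r, 0, sizeof(r));
	if (with_fwdata) {
		memset(&g_fw, 0, sizeof(g_fw));
		g_fw.channel_data.valid = (uint8_t)valid;
		g_fw.channel_data.info.pf_srn = 0x700;   /* constructed values */
		g_fw.channel_data.info.num_pf_rings = 8;
		g_fw.supported_link_modes = 0x1f;
		r.fwdata = &g_fw;
	}
	return &r;
}

/* Returns 1 when the hardened paths behave on a board without a MAC block:
 * init succeeds, no sdp_info is published, and the link query is refused. */
static int probe_without_mac_block(void)
{
	struct rvu *r = make_rvu(0, 0);
	uint64_t modes = 0;

	if (sdp_init_checked(r) != 0 || r->pf[0].sdp_info != NULL)
		return 0;
	return get_supported_link_modes(r, &modes) == -ENODEV;
}

/* Returns 1 when, with firmware data mapped and valid, both shapes publish
 * the channel info and the link query succeeds. */
static int probe_with_mac_block(void)
{
	struct rvu *r = make_rvu(1, 1);
	uint64_t modes = 0;

	if (sdp_init_unchecked(r) != 0 || r->pf[0].sdp_info == NULL)
		return 0;
	if (sdp_init_checked(r) != 0 || r->pf[0].sdp_info->num_pf_rings != 8)
		return 0;
	return get_supported_link_modes(r, &modes) == 0 && modes == 0x1f;
}

int main(void)
{
	printf("board without MAC block: %s\n",
	       probe_without_mac_block() ? "ok" : "FAIL");
	printf("board with MAC block:    %s\n",
	       probe_with_mac_block() ? "ok" : "FAIL");
	return 0;
}
```

The point of the split is where the NULL check lives: the fix pattern is a check at each consumer of rvu->fwdata (probe-time init and every mailbox handler that reads the shared structure), because a board without a MAC block never maps the area and the driver must still complete probe. An error return from the mailbox path is the right behaviour there; a skipped initialization step is the right behaviour in probe.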