CVE-2026-23135 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/24585a13c41ea7253ee59aac74441fb570f5824a
https://git.kernel.org/stable/c/36e0bc5e8b282564906fca636c4ebc99814de4e7
https://git.kernel.org/stable/c/4846b32be324f4dd3653f38a3f69c049543d52ae
https://git.kernel.org/stable/c/bb97131fbf9b708dd9616ac2bdc793ad102b5c48

History

Sat, 14 Feb 2026 15:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_unaligned fields. Those should be reused when freeing the buffer rather than the aligned addresses.
Title		wifi: ath12k: fix dma_free_coherent() pointer
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/24585a13c41ea7253ee59aac74441fb570f5824a https://git.kernel.org/stable/c/36e0bc5e8b282564906fca636c4ebc99814de4e7 https://git.kernel.org/stable/c/4846b32be324f4dd3653f38a3f69c049543d52ae https://git.kernel.org/stable/c/bb97131fbf9b708dd9616ac2bdc793ad102b5c48

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-02-14T15:14:34.473Z

Updated: 2026-02-14T15:14:34.473Z

Reserved: 2026-01-13T15:37:45.971Z

Link: CVE-2026-23135

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-02-14T16:15:53.483

Modified: 2026-02-14T16:15:53.483

Link: CVE-2026-23135

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23135", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.971Z", "datePublished": "2026-02-14T15:14:34.473Z", "dateUpdated": "2026-02-14T15:14:34.473Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-02-14T15:14:34.473Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix dma_free_coherent() pointer\n\ndma_alloc_coherent() allocates a DMA mapped buffer and stores the\naddresses in XXX_unaligned fields. Those should be reused when freeing\nthe buffer rather than the aligned addresses."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath12k/ce.c"], "versions": [{"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", "lessThan": "36e0bc5e8b282564906fca636c4ebc99814de4e7", "status": "affected", "versionType": "git"}, {"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", "lessThan": "24585a13c41ea7253ee59aac74441fb570f5824a", "status": "affected", "versionType": "git"}, {"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", "lessThan": "4846b32be324f4dd3653f38a3f69c049543d52ae", "status": "affected", "versionType": "git"}, {"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2", "lessThan": "bb97131fbf9b708dd9616ac2bdc793ad102b5c48", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/wireless/ath/ath12k/ce.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/36e0bc5e8b282564906fca636c4ebc99814de4e7"}, {"url": "https://git.kernel.org/stable/c/24585a13c41ea7253ee59aac74441fb570f5824a"}, {"url": "https://git.kernel.org/stable/c/4846b32be324f4dd3653f38a3f69c049543d52ae"}, {"url": "https://git.kernel.org/stable/c/bb97131fbf9b708dd9616ac2bdc793ad102b5c48"}], "title": "wifi: ath12k: fix dma_free_coherent() pointer", "x_generator": {"engine": "bippy-1.2.0"}}}}