CVE-2026-23218
📋 TL;DR
This CVE describes a NULL pointer dereference vulnerability in the Linux kernel's Loongson GPIO driver. The vulnerability occurs when the driver incorrectly checks chip->parent instead of chip->irq.parents after memory allocation, potentially leading to kernel crashes or privilege escalation. Systems using Loongson 64-bit processors with the affected GPIO driver are at risk.
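The wrong-pointer check described above, modelled in userspace C as an added example (not the kernel driver's code). The names struct model_chip, model_calloc, fail_alloc and missed_failure are hypothetical, and the model assumes chip->parent already points at a valid device when the allocation runs.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the two fields the advisory names. */
struct model_chip {
    void *parent;                           /* chip->parent: owning device */
    struct { unsigned int *parents; } irq;  /* chip->irq.parents: allocated array */
};

static int fail_alloc; /* constructed fault injection: 1 = allocation fails */
static void *model_calloc(size_t n, size_t sz) { return fail_alloc ? NULL : calloc(n, sz); }

/* Vulnerable pattern: tests chip->parent, which says nothing about the allocation. */
int init_buggy(struct model_chip *chip, size_t n)
{
    chip->irq.parents = model_calloc(n, sizeof(*chip->irq.parents));
    if (!chip->parent)
        return -ENOMEM;
    return 0; /* a caller would now index chip->irq.parents[] */
}

/* Corrected pattern: tests the pointer that was just assigned. */
int init_fixed(struct model_chip *chip, size_t n)
{
    chip->irq.parents = model_calloc(n, sizeof(*chip->irq.parents));
    if (!chip->irq.parents)
        return -ENOMEM;
    return 0;
}

/* Returns 1 if init reported success while leaving irq.parents NULL. */
int missed_failure(int (*init)(struct model_chip *, size_t), int fail)
{
    int dev = 0; /* any non-NULL address serves as chip->parent */
    struct model_chip chip = { .parent = &dev };
    fail_alloc = fail;
    int rc = init(&chip, 4);
    int missed = (rc == 0 && chip.irq.parents == NULL);
    free(chip.irq.parents);
    return missed;
}

int main(void)
{
    printf("buggy=%d fixed=%d\n", missed_failure(init_buggy, 1), missed_failure(init_fixed, 1));
    return 0;
}
```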
💻 Affected Systems
- Linux kernel with Loongson GPIO driver
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, or potential privilege escalation to kernel mode if combined with other vulnerabilities.
Likely Case
System instability or crash when the GPIO driver is initialized or used, particularly during system boot or device hotplug.
If Mitigated
Minimal impact if the vulnerable code path isn't triggered or if kernel hardening features are enabled.
🎯 Exploit Status
Exploitation requires local access and triggering the specific code path in the GPIO driver initialization.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits e34f77b09080c86c929153e2a72da26b4f8947ff or e71e3fa90a15134113f61343392e887cd1f4bf7c
Vendor Advisory: https://git.kernel.org/stable/c/e34f77b09080c86c929153e2a72da26b4f8947ff
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution vendor.
2. Rebuild kernel if using custom kernel.
3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable Loongson GPIO driver
Prevent loading of the vulnerable driver module
echo 'blacklist loongson-gpio' > /etc/modprobe.d/blacklist-loongson-gpio.conf
rmmod loongson_gpio
🧯 If You Can't Patch
- Restrict local user access to systems with Loongson processors
- Implement kernel hardening features like KASLR and stack protection
🔍 How to Verify
Check if Vulnerable:
Check if loongson_gpio module is loaded: lsmod | grep loongson_gpio. Check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
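Verify the kernel source includes a fix commit, run from the git tree the kernel was built from: git log --format=%H | grep -E '^(e34f77b09080c86c929153e2a72da26b4f8947ff|e71e3fa90a15134113f61343392e887cd1f4bf7c)$'. For a distribution kernel, check the vendor's package changelog for CVE-2026-23218.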
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- GPIO driver initialization failures in dmesg
- NULL pointer dereference kernel oops
Network Indicators:
- None - local vulnerability
SIEM Query:
source="kernel" AND ("NULL pointer dereference" OR "kernel panic" OR "loongson_gpio")