Skip to main content

Linux CVE-2026-23242

| EUVDEUVD-2026-12801 HIGH
NULL Pointer Dereference (CWE-476)
2026-03-18 Linux
7.5
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 18, 2026 - 10:30 euvd
EUVD-2026-12801
Analysis Generated
Mar 18, 2026 - 10:30 vuln.today
CVE Published
Mar 18, 2026 - 10:05 nvd
HIGH 7.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix potential NULL pointer dereference in header processing

If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present.

KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

AnalysisAI

A null pointer dereference vulnerability exists in the Linux kernel's RDMA/siw (Software iWARP) module in the TCP receive data path handler. When siw_get_hdr() returns an error before initializing the receive FPDU context, the error handling code attempts to dereference qp->rx_fpdu without null checking, potentially causing a kernel panic and denial of service. The vulnerability affects multiple Linux kernel versions across stable branches (5.10, 5.15, 6.1, 6.6, 6.12, and others) and has been patched across numerous kernel releases.

Technical ContextAI

This vulnerability exists in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the siw (Software iWARP) driver implementation (CPE: cpe:2.3:a:linux:linux). iWARP is a protocol for RDMA over TCP/IP networks. The vulnerability occurs in the siw_tcp_rx_data() function during header processing in the receive data path. When siw_get_hdr() returns -EINVAL, it indicates a header parsing failure before set_rx_fpdu_context() has executed, leaving qp->rx_fpdu (queue pair receive FPDU context) as NULL. The code then unconditionally accesses the more_ddp_segs field within this null pointer, triggering a CWE-476 null pointer dereference. The root cause is inadequate error path validation failing to verify object initialization state before dereferencing.

RemediationAI

Update the Linux kernel to the patched versions as follows: for kernel 5.10, apply patch 5.10.252 or later; for 5.15, apply patch 5.15.202 or later; for 6.1, apply patch 6.1.165 or later; for 6.6, apply patch 6.6.128 or later; for 6.12, apply patch 6.12.75 or later; and for other branches, apply the corresponding released patches. Patch availability is confirmed via git.kernel.org/stable commit references (ab61841633d10e56a58c1493a262f0d02dba2f5e, 8564dcc12fbb372d984ab45768cae9335777b274, and others). Organizations using RDMA/iWARP should prioritize upgrading their kernel versions through their distribution's standard update channels. As a temporary mitigation, restrict network access to RDMA services to trusted sources only and monitor kernel logs for null pointer dereference panics.

Vendor StatusVendor

Debian

linux
Release Status Fixed Version Urgency
bullseye vulnerable 5.10.223-1 -
bullseye (security) vulnerable 5.10.251-1 -
bookworm vulnerable 6.1.159-1 -
bookworm (security) vulnerable 6.1.164-1 -
trixie vulnerable 6.12.73-1 -
trixie (security) vulnerable 6.12.74-2 -
forky fixed 6.19.6-2 -
sid fixed 6.19.8-1 -
(unstable) fixed 6.18.14-1 -

SUSE

Severity: High
Product Status
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Affected

Share

CVE-2026-23242 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy