Skip to main content

Linux Kernel CVE-2026-45857

| EUVDEUVD-2026-32323 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-fwvx-v57v-gvmw
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access and low privileges required to trigger driver error path; only availability impacted via kernel crash, no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 25, 2026 - 21:25 vuln.today
CVSS changed
Jun 25, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

scsi: csiostor: Fix dereference of null pointer rn

The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIO_INC_STATS. Fix this by adding a new error return path label after the use of the macro to avoid the deference.

AnalysisAI

NULL pointer dereference in the Linux kernel's csiostor SCSI driver (Chelsio T5 iSCSI storage controller) causes a local denial-of-service via kernel panic. The flaw resides in the error exit path: when the pointer rn is NULL, the CSIO_INC_STATS macro still dereferences it, triggering a kernel crash. Exploitation requires local low-privilege access on a system equipped with Chelsio csiostor hardware; no active exploitation is confirmed (not in CISA KEV) and EPSS sits at 0.02% (7th percentile), indicating minimal real-world exploitation pressure.

Technical ContextAI

The vulnerability exists in the csiostor kernel module (drivers/scsi/csiostor/), which provides support for Chelsio T5 Unified Wire Storage adapters performing iSCSI offload. The root cause is CWE-476 (NULL Pointer Dereference): the error-exit code path that is supposed to handle a NULL rn (resource node) pointer invokes the CSIO_INC_STATS macro before the pointer is checked for NULL, resulting in a dereference of a null address. The fix restructures the error label hierarchy so the macro is bypassed when rn is NULL. Affected product scope per CPE is cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* introduced at commit a3667aaed5698b84bad2f1b3f71adc86499f4bc6, spanning multiple stable branches from approximately kernel 3.8 onward.

RemediationAI

Upstream fix available via multiple stable-tree backport commits referenced at git.kernel.org/stable/c/; exact patched releases are 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, and 7.0. Upgrade to the applicable patched kernel version for your distribution's stable branch. Distributions tracking these upstream stable releases (Debian stable, Ubuntu LTS, RHEL, SUSE) will include the fix in routine kernel security updates - apply pending kernel updates and reboot. As a compensating control where patching is temporarily impractical, blacklisting the csiostor module ('echo blacklist csiostor >> /etc/modprobe.d/csiostor-blacklist.conf') prevents the driver from loading, eliminating the attack surface entirely; however, this disables Chelsio T5 iSCSI offload functionality. NVD advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-45857.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

CVE-2026-45857 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy