Skip to main content

Linux Kernel CVE-2026-46188

| EUVDEUVD-2026-32815 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-jqmp-h258-vvv4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local-only exploitation via hardware-specific driver (AV:L), low privilege sufficient to induce memory pressure (PR:L), availability-only impact with no data exposure (C:N/I:N/A:H).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 11, 2026 - 05:26 vuln.today
CVSS changed
Jun 11, 2026 - 03:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

octeon_ep_vf: add NULL check for napi_build_skb()

napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_process_rx(), the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading to a NULL pointer dereference.

Add NULL checks after both napi_build_skb() calls, properly advancing descriptors and consuming remaining fragments on failure.

AnalysisAI

NULL pointer dereference in the Linux kernel's octeon_ep_vf driver crashes the kernel when napi_build_skb() fails during memory allocation in the receive path. Systems running kernels from the introduction of the octeon_ep_vf driver (commit 1cd3b407977c) through multiple stable branches are affected where Marvell Octeon EP VF network adapters are in use. A local, low-privileged attacker who can induce memory pressure while network traffic flows through an Octeon EP VF interface can trigger a kernel panic, resulting in full system unavailability. No public exploit code exists, EPSS is 0.02% (5th percentile), and this vulnerability has not been added to CISA KEV.

Technical ContextAI

The affected component is __octep_vf_oq_process_rx(), the receive-path output-queue processor in the octeon_ep_vf kernel driver, which supports Marvell Octeon EP VF (Virtual Function) PCIe network adapters. The function calls napi_build_skb() to construct socket buffers (SKBs) for packets arriving via NAPI - the New API polling interface used for high-throughput network processing. CWE-476 (NULL Pointer Dereference) is the root cause: napi_build_skb() returns NULL when the kernel's slab allocator cannot satisfy the memory request, but __octep_vf_oq_process_rx() uses the returned pointer without a NULL guard in both the single-buffer and multi-fragment receive code paths. The fix advances descriptors and consumes remaining fragments before returning on allocation failure. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*.

RemediationAI

Upgrade to a patched kernel release: Linux 6.12.88, 6.18.30, 7.0.7, or 7.1-rc1 or later, as confirmed by EUVD. Upstream fix commits are referenced at https://git.kernel.org/stable/c/60246cdd4c515ea7d920cddf48932efcb990773e and the three sibling stable-tree commits. For systems that cannot be patched immediately, unloading or blacklisting the octeon_ep_vf kernel module (via /etc/modprobe.d/blacklist.conf) eliminates the attack surface entirely if Marvell Octeon EP VF hardware is not operationally required; this trades network adapter functionality for protection. Alternatively, limiting local user access through kernel namespaces or strict privilege separation reduces the pool of principals able to induce memory pressure. Memory overcommit controls (vm.overcommit_memory) do not reliably prevent the allocation failure condition and are not a recommended compensating control.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

CVE-2026-46188 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy