Skip to main content

Linux Kernel EUVDEUVD-2026-32886

| CVE-2026-46127 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-3vv3-57g4-wh3p
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local vector and low privileges reflect RDMA device access requirements; availability is high due to kernel panic; no confidentiality or integrity impact applies.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 24, 2026 - 16:54 vuln.today
CVSS changed
Jun 24, 2026 - 16:52 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:31 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp()

Sashiko points out that pd->uctx isn't initialized until late in the function so all these error flow references are NULL and will crash. Use the uctx that isn't NULL.

AnalysisAI

NULL pointer dereference in the Linux kernel's RDMA/ocrdma driver crashes systems running Emulex OneConnect RDMA adapters. The flaw exists in ocrdma_copy_pd_uresp(), where error-path code dereferences pd->uctx before it is initialized, producing a kernel panic and complete system unavailability when triggered. No public exploit code has been identified and EPSS sits at 0.02% (5th percentile), reflecting very low exploitation probability at this time; however, the local low-privilege vector means any unprivileged user on an affected system with ocrdma hardware present could trigger the crash.

Technical ContextAI

The vulnerability resides in the ocrdma driver (drivers/infiniband/hw/ocrdma/), which provides RDMA support for Emulex OneConnect adapters and is part of the Linux kernel's RDMA/InfiniBand subsystem. The function ocrdma_copy_pd_uresp() copies protection domain (PD) user response data to userspace. CWE-476 (NULL Pointer Dereference) identifies the root cause: pd->uctx (the user context pointer associated with a protection domain) is not assigned until a late stage in the function's execution path, but error-handling branches present earlier in the function dereference this still-NULL pointer. When any of those early error conditions is triggered, the kernel attempts to use address 0x0, causing an immediate panic. CPE data confirms the affected product as cpe:2.3:o:linux:linux_kernel across multiple stable branches, with the regression traceable to commit fe2caefcdf5869f308c102e3d64d40683bfad711.

RemediationAI

Upgrade to one of the vendor-released patched kernel versions: 6.6.140, 6.12.88, 6.18.30, 7.0.7, or 7.1-rc3, all available via kernel.org stable tree commits listed in the NVD references (e.g., https://git.kernel.org/stable/c/34fbf48cf3b410d2a6e8c586fa952a36331ca5ba for 6.6.x). Downstream Linux distributions (Red Hat, Ubuntu, SUSE, Debian) should be monitored for their respective kernel errata incorporating these fixes. Where immediate patching is not feasible, a targeted compensating control is to blacklist the ocrdma module by adding 'blacklist ocrdma' to /etc/modprobe.d/blacklist.conf and running 'modprobe -r ocrdma' - this eliminates the attack surface entirely but disables all RDMA functionality for Emulex OneConnect adapters, which may impact latency-sensitive workloads. Additionally, restricting unprivileged access to InfiniBand device nodes (/dev/infiniband/*) via udev rules or group membership (e.g., limiting the 'rdma' group) reduces the pool of users who can trigger the vulnerable code path, though this is not a complete mitigation.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

EUVD-2026-32886 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy