Skip to main content

Linux Kernel EUVDEUVD-2026-39859

| CVE-2026-53324 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-06-26 Linux GHSA-78w3-3c52-99hr
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local trigger via VF initialization requires low OS privilege; only availability impact (kernel panic); no confidentiality or integrity exposure; conditions are non-default but mechanistically simple.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jul 06, 2026 - 20:51 vuln.today
CVSS changed
Jul 06, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
Jun 26, 2026 - 21:02 EUVD
CVE Published
Jun 26, 2026 - 19:41 nvd
MEDIUM 5.5
CVE Published
Jun 26, 2026 - 19:41 cve.org
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

net: mana: Use pci_name() for debugfs directory naming

Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues:

  1. pci_slot_name() dereferences pdev->slot, which can be NULL for VFs

in environments like generic VFIO passthrough or nested KVM, causing a NULL pointer dereference.

  1. Multiple PFs would all use "0", and VFs across different PCI

domains or buses could share the same slot name, leading to -EEXIST errors from debugfs_create_dir().

pci_name(pdev) returns the unique BDF address, is always valid, and is unique across the system.

AnalysisAI

NULL pointer dereference in the Linux kernel MANA (Microsoft Azure Network Adapter) driver crashes the host kernel when initializing Virtual Function (VF) devices in VFIO passthrough or nested KVM environments where pdev->slot is unpopulated. Systems running affected kernel versions in Azure-style or nested virtualization deployments face deterministic kernel panics and total availability loss on the host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker obtains low-privilege local or guest access
Delivery
Configures MANA VF under VFIO passthrough or nested KVM
Exploit
Triggers VF device probe or re-initialization
Execution
Kernel invokes pci_slot_name() on NULL pdev->slot
Persist
NULL pointer dereference causes kernel panic
Impact
Host system crashes, denying availability to all co-hosted workloads

Vulnerability AssessmentAI

Exploitation Exploitation requires the target Linux host to have the MANA driver loaded (`net/mana`) and a MANA Virtual Function (VF) device being initialized or probed while operating in a VFIO passthrough or nested KVM environment where `pdev->slot` is NULL. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, score 5.5) accurately characterizes this as a local, low-complexity, low-privilege denial-of-service with no confidentiality or integrity impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An operator or low-privilege local process on a Linux host with MANA VF devices configured for VFIO passthrough or nested KVM triggers VF device probe or re-initialization; the kernel calls `pci_slot_name(pdev->slot)` with a NULL `pdev->slot`, immediately causing a kernel NULL pointer dereference and host system panic. In a cloud multi-tenant scenario, a guest VM operator initiating MANA VF attachment in a nested virtualization stack could crash the underlying host, causing availability impact to co-hosted workloads. …
Remediation Apply the upstream stable-kernel patches: the fix commits 34dbd7b819544c99c9d96b400fe4db613f40ac4b, 9211eb97e8f8c28bf9313ab97862d143dbbbef97, and c116f07ab9d22bb6f355f3cf9e44c1e6a47fe559 are available at git.kernel.org. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-39859 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy