CVE-2026-23242

EUVD-2026-12801

18.03.2026, 11:16

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix potential NULL pointer dereference in header processing

If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),
qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data()
dereferences qp->rx_fpdu->more_ddp_segs without checking, which
may lead to a NULL pointer deref. Only check more_ddp_segs when
rx_fpdu is present.

KASAN splat:
[  101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
[  101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 30%

Affected Products (NVD)

Vendor	Product	Version
linux	linux_kernel	5.3.1 ≤ 𝑥 < 5.10.252
linux	linux_kernel	5.11 ≤ 𝑥 < 5.15.202
linux	linux_kernel	5.16 ≤ 𝑥 < 6.1.165
linux	linux_kernel	6.2 ≤ 𝑥 < 6.6.128
linux	linux_kernel	6.7 ≤ 𝑥 < 6.12.75
linux	linux_kernel	6.13 ≤ 𝑥 < 6.18.14
linux	linux_kernel	6.19 ≤ 𝑥 < 6.19.4
linux	linux_kernel	5.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

linux

bookworm	6.1.170-3 fixed
bookworm (security)	6.1.174-1 fixed
bullseye	vulnerable
bullseye (security)	5.10.257-1 fixed
forky	7.0.10-1 fixed
sid	7.0.12-2 fixed
trixie	6.12.86-1 fixed
trixie (security)	6.12.90-2 fixed

linux-6.1

bullseye (security)

6.1.174-1~deb11u1

fixed

openSUSE / SLES Releases

openSUSE Product

Release

kernel-64kb

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

kernel-default

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

kernel-default-base

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1.150700.17.25.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1.150700.17.25.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1.150700.17.25.1 fixed

kernel-macros

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

kernel-obs-build

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

kernel-source

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

kernel-syms

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

kernel-zfcpdump

suse enterprise desktop 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise sap 15 SP7	6.4.0-150700.53.37.1 fixed
suse enterprise server 15 SP7	6.4.0-150700.53.37.1 fixed

Azure Linux Releases

Azure Package

Release

kernel

Azure Linux 3.0

0:6.6.130.1-1.azl3

fixed

Common Weakness Enumeration

CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

References

https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142

https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817

https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274

https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355

https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e

https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0

https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755

https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d