Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-23242

Опубликовано: 18 мар. 2026
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

A NULL pointer dereference vulnerability was found in the Linux kernel's Software iWARP (siw) RDMA driver. In siw_tcp_rx_data(), when siw_get_hdr() returns -EINVAL before set_rx_fpdu_context() is called, the qp->rx_fpdu pointer remains NULL. The error handling path then dereferences qp->rx_fpdu->more_ddp_segs without a NULL check, causing a kernel crash.

Отчет

This flaw affects systems using the Software iWARP (siw) driver for RDMA over TCP. The NULL pointer dereference can be triggered during header processing when receiving malformed RDMA packets. The siw driver is typically used in development or testing environments rather than production RDMA deployments which usually use hardware RDMA adapters.

Меры по смягчению последствий

To mitigate this issue, prevent the siw module from being loaded. See https://access.redhat.com/solutions/41278 for instructions.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelNot affected
Red Hat Enterprise Linux 7kernel-rtNot affected
Red Hat Enterprise Linux 8kernelFix deferred
Red Hat Enterprise Linux 8kernel-rtFix deferred
Red Hat Enterprise Linux 9kernelFix deferred
Red Hat Enterprise Linux 9kernel-rtFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=2448602kernel: RDMA/siw: Fix potential NULL pointer dereference in header processing

EPSS

Процентиль: 9%
0.00032
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-23242

ubuntu
9 дней назад

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present. KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

nvd логотип

CVE-2026-23242

nvd
9 дней назад

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present. KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

msrc логотип

CVE-2026-23242

CVSS3: 5.5
msrc
9 дней назад

RDMA/siw: Fix potential NULL pointer dereference in header processing

debian логотип

CVE-2026-23242

debian
9 дней назад

In the Linux kernel, the following vulnerability has been resolved: R ...

github логотип

GHSA-6xq4-2j3g-9m44

github
9 дней назад

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present. KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

EPSS

Процентиль: 9%
0.00032
Низкий

5.5 Medium

CVSS3