VDB

DEBIAN-CVE-2026-23242

DEBIAN-CVE-2026-23242 PUBLISHED CVSS 7.5 HIGH

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present. KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:12linux6.17.2-1~exp1, 6.1.55-1, *
Debian:11linux6.0.12-1, 6.12.27-1, 6.12.29-1
Debian:11linux-6.16.1.164-1, 6.1.162-1, 6.1.159-1
Debian:14linux6.18.13-1, 6.18.12-1, 6.18.12-1
Debian:13linux6.12.41-1, 6.12.43-1, 6.12.43-1

Exploit Intelligence

Timeline

  • Mar 18, 2026 CVE Published
  • May 2, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›