CVE-2026-23242
Analyzed Analyzed - Analysis Complete
Null Pointer Dereference in Linux Kernel RDMA siw Component

Publication date: 2026-03-18

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present. KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-05-21
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23242
EUVD
EUVD-2026-12801
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
linux linux_kernel 5.3
linux linux_kernel From 6.13 (inc) to 6.18.14 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.202 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 5.3.1 (inc) to 5.10.252 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/siw component. It involves a potential NULL pointer dereference during header processing. Specifically, if the function siw_get_hdr() returns an error (-EINVAL) before set_rx_fpdu_context() is called, a pointer (qp->rx_fpdu) can be NULL. Later, the function siw_tcp_rx_data() attempts to access a member (more_ddp_segs) of this pointer without checking if it is NULL, which can lead to a NULL pointer dereference and potentially cause a kernel crash or other unintended behavior.

Impact Analysis

The impact of this vulnerability is that it can cause a NULL pointer dereference in the Linux kernel, which may lead to a kernel crash or system instability. This could result in denial of service or unexpected behavior in systems using the affected RDMA/siw component.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23242. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart