CVE-2026-43282
NULL Pointer Dereference in Linux Kernel RDMA/ionic Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's RDMA/ionic component. Specifically, the function ionic_query_port() calls another function, ib_device_get_netdev(), without verifying if the returned value is NULL. This lack of checking can lead to a NULL pointer dereference, which is a type of error where the program tries to access or use a memory location that is not valid.
The issue was fixed by adding a check for the return value and returning an error code (-ENODEV) if the network device pointer ('ndev') is NULL.
How can this vulnerability impact me? :
A NULL pointer dereference in the kernel can cause the affected system to crash or become unstable, potentially leading to a denial of service (DoS). This means that an attacker or a faulty process could exploit this vulnerability to disrupt normal operations of the system running the Linux kernel.