CVE-2026-23242
Description
In the Linux kernel, the following vulnerability has been resolved:
RDMA/siw: Fix potential NULL pointer dereference in header processing
If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present.
KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel's RDMA/siw driver, a missing NULL check on qp->rx_fpdu before accessing more_ddp_segs can lead to a null-pointer dereference.
Vulnerability
Analysis
CVE-2026-23242 is a null-pointer dereference vulnerability in the Linux kernel's RDMA/siw (Software iWARP) driver. The root cause is that in the error path of siw_tcp_rx_data(), if siw_get_hdr() returns -EINVAL before set_rx_fpdu_context() is called, the qp->rx_fpdu pointer remains NULL. The code then unconditionally dereferences qp->rx_fpdu->more_ddp_segs without a prior NULL check, leading to a crash as evidenced by the KASAN report [1].
Exploitation
An attacker who can send a crafted TCP segment to the siw interface can trigger this condition. The attack requires network access to the target machine and the ability to send traffic that causes siw_get_hdr() to fail early. No authentication is needed beyond being able to reach the siw endpoint [1].
Impact
Successful exploitation results in a kernel NULL pointer dereference, which manifests as a denial of service (DoS) through a system crash or kernel panic. The KASAN splat shows the crash occurs in siw_tcp_rx_data with null-ptr-deref at address 0xc0 [1]. The CVSS v3 score is 7.5 (High) reflecting the high availability impact.
Mitigation
The fix is to only check more_ddp_segs when rx_fpdu is present. The patch has been committed to the stable kernel tree [4]. Users should apply the latest kernel updates to resolve this vulnerability.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142nvd
- git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817nvd
- git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274nvd
- git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355nvd
- git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5envd
- git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0nvd
- git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755nvd
- git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175dnvd
News mentions
0No linked articles in our index yet.