Description
In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix potential NULL pointer dereference in header processing

If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),
qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data()
dereferences qp->rx_fpdu->more_ddp_segs without checking, which
may lead to a NULL pointer deref. Only check more_ddp_segs when
rx_fpdu is present.

KASAN splat:
[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50
Published: 2026-03-18
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Kernel Crash
Action: Patch ASAP
AI Analysis

Impact

The vulnerability resides in the RDMA/siw subsystem of the Linux kernel. When siw_get_hdr() fails and returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() then dereferences qp->rx_fpdu->more_ddp_segs without checking if rx_fpdu is present, causing a kernel crash. KASAN logs demonstrate a null-pointer dereference, which results in a denial‑of‑service condition without any direct evidence of privilege escalation from the available data.

Affected Systems

The affected product is the Linux kernel itself. No specific kernel versions are listed in the advisory, so any system that includes the RDMA/siw module before the fix is considered vulnerable. Administrators should assume all current distributions containing this code path are at risk until the patch is applied.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity. The EPSS score of less than 1% suggests a low likelihood of exploitation, and the vulnerability is not currently in the CISA KEV catalog. The likely attack vector is remote, inferred from the fact that the vulnerable code processes incoming RDMA traffic; an attacker would need to send crafted SiW packets to trigger the crash. If exploited, the crash would disrupt system availability and could potentially allow further local privilege escalation if the system does not recover automatically.

Generated by OpenCVE AI on April 2, 2026 at 22:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the RDMA/siw NULL-pointer dereference fix referenced by the commit history provided
  • Verify the deployed kernel version with "uname -r" and compare it against the commit hash included in the patch documentation
  • Monitor kernel logs for KASAN null‑pointer dereference messages that match the described pattern
  • If a kernel upgrade is not immediately possible, restrict or block RDMA traffic on the affected hosts or temporarily unload the siw module to prevent exploitation

Generated by OpenCVE AI on April 2, 2026 at 22:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Sun, 29 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 27 Mar 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Tue, 24 Mar 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 19 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate

Wed, 18 Mar 2026 10:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present. KASAN splat: [ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7] [ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50
Title RDMA/siw: Fix potential NULL pointer dereference in header processing
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-02T14:43:55.534Z

Reserved: 2026-01-13T15:37:45.989Z

Link: CVE-2026-23242

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-18T11:16:15.887

Modified: 2026-04-02T15:16:26.167

Link: CVE-2026-23242

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-18T00:00:00Z

Links: CVE-2026-23242 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-03T09:39:25Z

Weaknesses