Description
In the Linux kernel, the following vulnerability has been resolved:

octeon_ep_vf: add NULL check for napi_build_skb()

napi_build_skb() can return NULL on allocation failure. In
__octep_vf_oq_process_rx(), the result is used directly without a NULL
check in both the single-buffer and multi-fragment paths, leading to a
NULL pointer dereference.

Add NULL checks after both napi_build_skb() calls, properly advancing
descriptors and consuming remaining fragments on failure.
Published: 2026-05-28
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The octeon_ep_vf receive function fails to check the return value of napi_build_skb(); when the network stack passes a packet to the driver, the helper can return NULL on an allocation failure. The driver then dereferences this pointer without validation, causing a kernel null pointer dereference that crashes the system. This flaw directly compromises kernel stability.

Affected Systems

The vulnerability resides in the octeon_ep_vf driver that ships with the mainline Linux kernel. Any distribution that includes this driver for Octeon EP virtual functions is affected. Vulnerable kernel builds are those that do not include the patch referenced in the commit logs; specific version numbers are not listed but all pre‑patch releases carry the flaw.

Risk and Exploitability

Although no CVSS or EPSS score is publicly available and the flaw is not listed in CISA KEV, a NULL pointer dereference that leads to a kernel crash is inherently exploitable. An attacker who can send crafted packets to the octeon_ep_vf NIC can trigger the crash without privileged access. The lack of mitigations in affected kernels places the risk at moderate to high, especially for remotely managed systems that may have these virtual functions exposed.

Generated by OpenCVE AI on May 28, 2026 at 12:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the commit adding NULL checks to napi_build_skb() in octeon_ep_vf.
  • If an immediate kernel update is not possible, disable the octeon_ep_vf driver or disconnect the associated OEM NICs to remove the vulnerable code path from operation.
  • Enable kernel crash dumping (kdump) and monitor dmesg for Oops messages; verify that the patched kernel no longer logs null-pointer dereference crashes when traffic is directed to the device.

Generated by OpenCVE AI on May 28, 2026 at 12:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 28 May 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: octeon_ep_vf: add NULL check for napi_build_skb() napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_process_rx(), the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading to a NULL pointer dereference. Add NULL checks after both napi_build_skb() calls, properly advancing descriptors and consuming remaining fragments on failure.
Title octeon_ep_vf: add NULL check for napi_build_skb()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-28T09:36:42.251Z

Reserved: 2026-05-13T15:03:33.104Z

Link: CVE-2026-46188

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-28T10:16:34.440

Modified: 2026-05-28T10:16:34.440

Link: CVE-2026-46188

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-28T12:15:21Z

Weaknesses