Cyber Resilience

CVE-2026-23242

Severity: High

Published: 18 March 2026
Modified: 21 May 2026
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0008 (23.2th percentile)
Risk priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-23242 is a high-severity NULL pointer dereference (CWE-476) vulnerability in the Linux kernel. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 23.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-11 (Error Handling) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-23242 is a vulnerability in the Linux kernel's RDMA/siw (Software iWARP) implementation that can lead to a NULL pointer dereference during header processing. Specifically, if the siw_get_hdr() function returns -EINVAL before set_rx_fpdu_context() is called, the qp->rx_fpdu structure remains NULL. On the error path in siw_tcp_rx_data(), the code then dereferences qp->rx_fpdu->more_ddp_segs without first checking if rx_fpdu is present, potentially causing a kernel crash. This issue was identified via a KASAN report showing a null-ptr-deref in siw_tcp_rx_data().

The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5) describes a vulnerability that remote, unauthenticated attackers with network access can exploit. By sending crafted network packets that trigger the error path in siw_tcp_rx_data(), an attacker can induce a NULL pointer dereference, resulting in a denial-of-service condition through kernel panic or crash, with no impact on confidentiality or integrity.

Mitigation involves applying upstream kernel patches from the referenced stable commits, including 14ab3da122bd18920ad57428f6cf4fade8385142, 714c99e1dc8f85f446e05be02ba83972e981a817, 8564dcc12fbb372d984ab45768cae9335777b274, 87b7a036d2d73d5bb3ae2d47dee23de465db3355, and ab61841633d10e56a58c1493a262f0d02dba2f5e. These fixes ensure that more_ddp_segs is only checked when rx_fpdu is present, preventing the dereference. Security practitioners should update affected Linux kernels, particularly those using RDMA/siw, and monitor for KASAN-detected issues in similar paths.
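
The error path described above, as an added example that is neither kernel code nor code from this page: a user-space C model of the check before and after the fix. Only rx_fpdu and more_ddp_segs come from the advisory; the struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
/* User-space model only: rx_fpdu and more_ddp_segs are the fields named in
 * the advisory; every other name here is hypothetical. */
struct fpdu_ctx { int more_ddp_segs; };
struct qp_model {
    struct fpdu_ctx *rx_fpdu; /* NULL until a header has been accepted */
    struct fpdu_ctx ctx;      /* backing storage for the receive context */
};

/* Header step: a rejected header returns -EINVAL before the receive
 * context is set, so rx_fpdu keeps its previous value (possibly NULL). */
static int model_get_hdr(struct qp_model *qp, int hdr_valid, int more_segs)
{
    if (!hdr_valid)
        return -EINVAL;
    qp->ctx.more_ddp_segs = more_segs;
    qp->rx_fpdu = &qp->ctx;
    return 0;
}

/* Pre-fix shape: reads through rx_fpdu with no check (faults when NULL). */
static int cleanup_unguarded(const struct qp_model *qp)
{
    return qp->rx_fpdu->more_ddp_segs != 0;
}

/* Post-fix shape: more_ddp_segs is consulted only when rx_fpdu is present. */
static int cleanup_guarded(const struct qp_model *qp)
{
    return qp->rx_fpdu && qp->rx_fpdu->more_ddp_segs;
}

/* Receive step: -1 on success, else 1/0 for "error path runs cleanup". */
static int model_rx_data(struct qp_model *qp, int hdr_valid, int more_segs)
{
    if (model_get_hdr(qp, hdr_valid, more_segs) == 0)
        return -1;
    return cleanup_guarded(qp);
}

int main(void)
{
    struct qp_model fresh = {0}, mid = {0};
    printf("fresh qp, rejected header: %d\n", model_rx_data(&fresh, 0, 0));
    model_rx_data(&mid, 1, 1); /* accepted header with more segments pending */
    printf("mid-message, rejected header: %d\n", model_rx_data(&mid, 0, 0));
    printf("unguarded check, context present: %d\n", cleanup_unguarded(&mid));
    return 0;
}
```

The first call is the case from the KASAN report: no context was ever set, and the guarded check returns 0 instead of reading through a NULL pointer.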

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/siw: Fix potential NULL pointer dereference in header processing

If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp->rx_fpdu->more_ddp_segs without checking, which may lead to a NULL pointer deref. Only check more_ddp_segs when rx_fpdu is present.

KASAN splat:
[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]
[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

NULL pointer dereference in RDMA/siw network stack directly enables remote unauthenticated DoS via crafted packets causing kernel crash (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22992 (same product: Linux kernel)
CVE-2026-22991 (same product: Linux kernel)
CVE-2026-31600 (same product: Linux kernel)
CVE-2026-22998 (same product: Linux kernel)
CVE-2026-31638 (same product: Linux kernel)
CVE-2026-31477 (same product: Linux kernel)
CVE-2026-31450 (same product: Linux kernel)
CVE-2026-23148 (same product: Linux kernel)
CVE-2026-31404 (same product: Linux kernel)
CVE-2026-23198 (same product: Linux kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: 5.3 · 5.3.1 — 5.10.252 · 5.11 — 5.15.202 · 5.16 — 6.1.165

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the NULL pointer dereference vulnerability by applying the specific upstream Linux kernel patches referenced in the analysis.

prevent

Ensures secure error handling in kernel network processing to prevent NULL dereferences on error paths like in siw_tcp_rx_data().

prevent

Mitigates denial-of-service from remote crafted RDMA/siw packets that trigger kernel crashes via NULL pointer dereference.
