SB20260320115 - NULL Pointer Dereference in Linux kernel sw siw driver
Published: March 20, 2026
Security Bulletin ID
SB20260320115
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL Pointer Dereference (CVE-ID: CVE-2026-23242)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the RDMA/siw component when processing incoming RDMA packets. A local user can trigger improper error handling to cause a denial of service.
Exploitation requires access to RDMA subsystem and the ability to send crafted packets over TCP. The vulnerability affects the siw (Soft iWarp) driver in the Linux kernel.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142
- https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817
- https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274
- https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355
- https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e
- https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0
- https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755
- https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d