SB2026041410 - NULL pointer dereference in Linux kernel rds
Published: April 14, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) NULL pointer dereference (CVE-ID: CVE-2026-31425)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in rds_ib_get_mr() when processing sendmsg() requests with the RDS_CMSG_RDMA_MAP control message on a connection before IB connection establishment. A local user can send a specially crafted sendmsg request to cause a denial of service.
The issue occurs on a fresh outgoing connection before the rdma_cm_id and queue pair have been created.
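A simplified user-space model of the ordering problem described above, as an added example that is not the kernel's code or the upstream fix. The struct, enum and function names are hypothetical, and the -ENODEV return value is an assumption.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical user-space model; these are not the kernel's definitions. */
struct model_qp    { unsigned int posted; };        /* queue pair */
struct model_cm_id { struct model_qp *qp; };        /* stands in for rdma_cm_id */
struct model_conn  { struct model_cm_id *cm_id; };  /* NULL on a fresh connection */
enum { MODEL_CMSG_DATA_ONLY, MODEL_CMSG_RDMA_MAP }; /* constructed cmsg kinds */

/* Connection establishment: only here do the cm_id and queue pair appear. */
static void model_establish(struct model_conn *c, struct model_cm_id *id, struct model_qp *qp)
{
    qp->posted = 0;
    id->qp = qp;
    c->cm_id = id;
}

/* Unchecked shape: with c->cm_id == NULL this line dereferences NULL. */
static int model_get_mr_unchecked(struct model_conn *c)
{
    c->cm_id->qp->posted++;     /* post the registration work request */
    return 0;
}

/* Hardened shape: refuse the mapping while the resources do not exist.
 * The -ENODEV value is an assumption of this example. */
static int model_get_mr_checked(struct model_conn *c)
{
    if (c == NULL || c->cm_id == NULL || c->cm_id->qp == NULL)
        return -ENODEV;
    return model_get_mr_unchecked(c);
}

/* sendmsg-like entry: a map control message reaches get_mr immediately,
 * whether or not establishment has run yet. */
static int model_sendmsg(struct model_conn *c, int cmsg_kind)
{
    return cmsg_kind == MODEL_CMSG_RDMA_MAP ? model_get_mr_checked(c) : 0;
}

int main(void)
{
    struct model_conn conn = { NULL };
    struct model_cm_id id; struct model_qp qp;
    printf("map before establish: %d\n", model_sendmsg(&conn, MODEL_CMSG_RDMA_MAP));
    model_establish(&conn, &id, &qp);
    printf("map after establish:  %d\n", model_sendmsg(&conn, MODEL_CMSG_RDMA_MAP));
    return 0;
}
```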
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/23e07c340c445f0ebff7757ba15434cb447eb662
- https://git.kernel.org/stable/c/450ec93c0f172374acbf236f1f5f02d53650aa2d
- https://git.kernel.org/stable/c/47de5b73db3b88f45c107393f26aeba26e9e8fae
- https://git.kernel.org/stable/c/6b0a8de67ac0c74e1a7df92b73c862cb36780dfc
- https://git.kernel.org/stable/c/a54ecccfae62c5c85259ae5ea5d9c20009519049
- https://git.kernel.org/stable/c/a5bfd14c9a299e6db4add4440430ee5e010b03ad