NULL pointer dereference in Linux kernel - CVE-2026-31546
Published: April 25, 2026
Vulnerability identifier: #VU127854
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-31546
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in bond_debug_rlb_hash_show when reading debugfs entries for RLB hash-table entries with no assigned slave. A local user can read the affected debugfs entry to cause a denial of service.
The issue occurs when an entry remains on the rx_hashtbl_used_head list with its slave pointer set to NULL.
How to mitigate CVE-2026-31546
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/017d674cf6930e9586a29ee808c7ca09d1396d07
- https://git.kernel.org/stable/c/0a3f8cd3f370247ded14d38d216b49dd30eade76
- https://git.kernel.org/stable/c/19f0fd87df0e5746b24f5caa465a66a8c6e6e241
- https://git.kernel.org/stable/c/2ec2c777f357a83c3d503d8d9370c90b60f0ae63
- https://git.kernel.org/stable/c/605b52497bf89b3b154674deb135da98f916e390
- https://git.kernel.org/stable/c/6a3bb74e25d79cbb15f67ef80f71e2b2bfe27ff4
- https://git.kernel.org/stable/c/ec9762f0df2f9fbe3f40a3bfa8aab8b2f721466c
- https://git.kernel.org/stable/c/edacf1613f7b26423ebfa8b2892e7453c4235354