NULL pointer dereference in Linux kernel - CVE-2026-52939
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in rds_ib_send_cqe_handler() and rds_ib_send_unmap_op() when processing an atomic cmsg over an active RDS/IB connection. A local user can send a crafted AF_RDS sendmsg() request to cause a denial of service.
On hardware that natively accepts masked atomic operations, no additional setup is required.
Sources
- https://git.kernel.org/stable/c/0f22412a2f4fbbe0251c132abee045d15a90e5b6
- https://git.kernel.org/stable/c/0f7baa82a24813cdad0b06a6f8f07e4824af5ed5
- https://git.kernel.org/stable/c/34080db3e70ddf94c38512ad2331e3c3afca6cc1
- https://git.kernel.org/stable/c/4dd262f875e87653df50b138de1390ab0628e6b7
- https://git.kernel.org/stable/c/4fd34669558085bcb589aa2078a13b0ca79e360d
- https://git.kernel.org/stable/c/6e4615164d185a26badb2f376a2449f4d174a5f0
- https://git.kernel.org/stable/c/a0148342badd8c9b2e46551766a27cb76c82e715
- https://git.kernel.org/stable/c/dcf458120add64c96a6ef5cf719340453f6e6abf