NULL pointer dereference in Linux kernel - CVE-2026-52941
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the smc_msg_event tracepoint when processing sendmsg() or recvmsg() on an SMC-D socket with the tracepoint enabled. A local user can trigger socket activity on an SMC-D socket to cause a denial of service.
Exploitation requires the tracepoint to be enabled, and the crash occurs on the first sendmsg() or recvmsg() on an affected SMC-D socket.
How to mitigate CVE-2026-52941
Sources
- https://git.kernel.org/stable/c/561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f
- https://git.kernel.org/stable/c/68200112534bb2acd1d7117dc2d5c124868d866d
- https://git.kernel.org/stable/c/720c76b930c52cd58f50eb6b10569d03dccc7959
- https://git.kernel.org/stable/c/7bf563badd37cb796df5477d2b78bb64148a1268
- https://git.kernel.org/stable/c/b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef
- https://git.kernel.org/stable/c/d2ea0b8aef8746e147602eac87ca8538f4bc7e66