NULL pointer dereference in Linux kernel - CVE-2026-53204
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in stratix10_rsu_probe() and the stratix10 RSU receive callback path when handling rsu_send_msg() timeouts during probe. A local user can trigger a timeout condition so that additional requests are queued on a channel whose scl pointer has been cleared to cause a denial of service.
The issue occurs in error paths for COMMAND_RSU_DCMF_VERSION, COMMAND_RSU_DCMF_STATUS, COMMAND_RSU_MAX_RETRY, and COMMAND_RSU_GET_SPT_TABLE.