NULL pointer dereference in Linux kernel - CVE-2026-53324
Published: June 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the mana debugfs directory creation logic when creating per-device debugfs directories for virtual functions. A local user can trigger device initialization in an environment where pdev->slot is NULL to cause a denial of service.
The issue can occur in environments such as generic VFIO passthrough or nested KVM.