{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23242","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:45.989Z","datePublished":"2026-03-18T10:05:05.108Z","dateUpdated":"2026-05-11T22:03:04.396Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:03:04.396Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp->rx_fpdu->more_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[  101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[  101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/sw/siw/siw_qp_rx.c"],"versions":[{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"ab61841633d10e56a58c1493a262f0d02dba2f5e","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"8564dcc12fbb372d984ab45768cae9335777b274","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"ab957056192d6bd068b3759cb2077d859cca01f0","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"ffba40b67663567481fa8a1ed5d2da36897c175d","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"87b7a036d2c73d5bb3ae2d47dee23de465db3355","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"714c99e1dc8f85f446e05be02ba83972e981a817","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"ce025f7f5d070596194315eb2e4e89d568b8a755","status":"affected","versionType":"git"},{"version":"8b6a361b8c482f22ac99c3273285ff16b23fba91","lessThan":"14ab3da122bd18920ad57428f6cf4fade8385142","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/infiniband/sw/siw/siw_qp_rx.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.10.252","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.202","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.165","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.128","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.75","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.14","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.252"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.15.202"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.75"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.18.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.19.4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"7.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/ab61841633d10e56a58c1493a262f0d02dba2f5e"},{"url":"https://git.kernel.org/stable/c/8564dcc12fbb372d984ab45768cae9335777b274"},{"url":"https://git.kernel.org/stable/c/ab957056192d6bd068b3759cb2077d859cca01f0"},{"url":"https://git.kernel.org/stable/c/ffba40b67663567481fa8a1ed5d2da36897c175d"},{"url":"https://git.kernel.org/stable/c/87b7a036d2c73d5bb3ae2d47dee23de465db3355"},{"url":"https://git.kernel.org/stable/c/714c99e1dc8f85f446e05be02ba83972e981a817"},{"url":"https://git.kernel.org/stable/c/ce025f7f5d070596194315eb2e4e89d568b8a755"},{"url":"https://git.kernel.org/stable/c/14ab3da122bd18920ad57428f6cf4fade8385142"}],"title":"RDMA/siw: Fix potential NULL pointer dereference in header processing","x_generator":{"engine":"bippy-1.2.0"}}}}