CVE-2026-46188
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel due to a lack of NULL checks after calling the napi_build_skb() function. In case of allocation failure, the result can lead to a NULL pointer dereference.
Risk Assessment
The absence of proper checks may lead to system crashes or unexpected application behavior, posing a risk to system stability and security.
Recommendation
It is recommended to update the Linux kernel to the latest version where appropriate NULL checks after napi_build_skb() calls have been implemented.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: octeon_ep_vf: add NULL check for napi_build_skb() napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_process_rx(), the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading to a NULL pointer dereference. Add NULL checks after both napi_build_skb() calls, properly advancing descriptors and consuming remaining fragments on failure.

