CVE Catalog

CVE-2026-46188

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel due to a lack of NULL checks after calling the napi_build_skb() function. In case of allocation failure, the result can lead to a NULL pointer dereference.

Risk Assessment

The absence of proper checks may lead to system crashes or unexpected application behavior, posing a risk to system stability and security.

Recommendation

It is recommended to update the Linux kernel to the latest version where appropriate NULL checks after napi_build_skb() calls have been implemented.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: octeon_ep_vf: add NULL check for napi_build_skb() napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_process_rx(), the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading to a NULL pointer dereference. Add NULL checks after both napi_build_skb() calls, properly advancing descriptors and consuming remaining fragments on failure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS