Vulnerabilities ›

CVE-2026-43282

Medium

CWE-476 — Weakness Type

                    Published: May 6, 2026                      ·  Modified: May 9, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port

The function ionic_query_port() calls ib_device_get_netdev() without
checking the return value which could lead to NULL pointer dereference,
Fix it by checking the return value and return -ENODEV if the 'ndev' is
NULL.

🤖 AI Executive Summary

A NULL pointer dereference vulnerability exists in the Linux kernel's RDMA/ionic driver in the ionic_query_port() function due to unchecked return value from ib_device_get_netdev(). This could lead to kernel crashes and denial of service on systems using RDMA over Converged Ethernet.

📄 Description (Arabic)

تحتوي دالة ionic_query_port() في برنامج تشغيل RDMA/ionic على ثغرة حيث لا يتم التحقق من قيمة الإرجاع من ib_device_get_netdev()، مما قد يؤدي إلى إلغاء مؤشر فارغ. يمكن أن يسبب هذا انهيار النواة وحالات رفض الخدمة على الأنظمة التي تستخدم RDMA عبر Converged Ethernet.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 25, 2026 06:18

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom energy government

🎯 MITRE ATT&CK Techniques

T1499.004

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update the Linux kernel to the latest patched version that includes the fix for ionic_query_port(). Verify that ib_device_get_netdev() return values are properly validated before use. Apply kernel security patches from your distribution vendor immediately.

🔧 خطوات المعالجة (العربية)

قم بتحديث نواة لينكس إلى أحدث إصدار مصحح يتضمن إصلاح ionic_query_port(). تحقق من أن قيم الإرجاع من ib_device_get_netdev() يتم التحقق منها بشكل صحيح قبل الاستخدام. طبق تصحيحات أمان النواة من موزع التوزيعة الخاص بك على الفور.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC-2.1 ECC-3.1

🔵 SAMA CSF

ID.BE-5.1 PR.PT-3.1

🟡 ISO 27001:2022

A.12.2.1 A.12.6.1

🔗 References & Sources 3

🔗

https://git.kernel.org/stable/c/2b96156c927cd83c109e2e3946e6111dce73231f

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/81932a46dfd0db10a03f46f0b1c7ef946ac4552f

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/fd80bd7105f88189f47d465ca8cb7d115570de30

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 3 entries

linux:linux_kernel

linux:linux_kernel:7.0

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

CWECWE-476

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-05-06

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

patch-available CWE-476

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-43282

Introduce Yourself

Sign In Required