CVE-2026-22993 — NULL Pointer Dereference in Linux

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 95.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux

Timeline

PublishedJan 23

Description

In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is up. If an ethtool command that accesses the rss lut is attempted immediately after reset, it will result in NULL ptr dereference. Also, there is no need to reset the rss lut if the soft reset does not involve queue count change. After soft reset, set the RSS LUT to default values based on the upda…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel6.7 — 6.18.6+1

▶Debianlinux/linux_kernel< 6.18.8-1

▶CVEListV5linux/linux02cbfba1add5bd9088c7d14c6b93b77a6ea8f3bb — a09380354d2f14759b9dd45de1bc2f6bf49e651b+3

▶debiandebian/linux< linux 6.18.8-1 (forky)

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-42mq-7943-cj3h: In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT↗2026-01-23

▶

OSV

CVE-2026-22993: In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT i↗2026-01-23

▶

📋Vendor Advisories

Red Hat

kernel: idpf: Fix RSS LUT NULL ptr issue after soft reset↗2026-01-23

▶

Debian

CVE-2026-22993: linux - In the Linux kernel, the following vulnerability has been resolved: idpf: Fix R...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-22993 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶