CVE-2026-46188

Source
https://cve.org/CVERecord?id=CVE-2026-46188
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46188.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46188
Downstream
Related
Published
2026-05-28T09:36:42.251Z
Modified
2026-07-08T08:02:17.799084398Z
Summary
octeon_ep_vf: add NULL check for napi_build_skb()
Details

In the Linux kernel, the following vulnerability has been resolved:

octeonepvf: add NULL check for napibuildskb()

napibuildskb() can return NULL on allocation failure. In __octepvfoqprocessrx(), the result is used directly without a NULL check in both the single-buffer and multi-fragment paths, leading to a NULL pointer dereference.

Add NULL checks after both napibuildskb() calls, properly advancing descriptors and consuming remaining fragments on failure.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46188.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1cd3b407977c3ab1d2ddc26cb7113e7fb1509cd1
Fixed
60246cdd4c515ea7d920cddf48932efcb990773e
Fixed
b0f4711b426a06fb4c4be85c36b9f5588d5140d3
Fixed
6fef6640bbf360e254cc0174365ed30ce3a07572
Fixed
dd66b42854705e4e4ee7f14d260f86c578bed3e3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46188.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.9.0
Fixed
6.12.88
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.30
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.7

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46188.json"