CVE-2026-31425

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Reliable Delivery Service (RDS) implementation for InfiniBand (IB). The function rds ib get mr() allows FRMR memory registration to proceed before an IB connection is fully established. Specifically, when sendmsg() is called with RDS CMSG RDMA MAP on a new outgoing connection, the system may attempt to dereference ic->i cm id->qp before the rdma cm id is created, leading to a kernel crash via a null pointer dereference. This occurs because the existing check in rds ib reg frmr() only verifies if the connection object ic is non-NULL, but does not verify if the underlying connection identifiers are initialized.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.