PT-2026-43833 · Linux+2 · Linux Kernel+2
CVE-2026-45966
·
Published
2026-05-27
·
Updated
2026-07-06
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 6.17 through 6.17
Description
A NULL pointer dereference occurs in the
unix needs revalidation() function when receiving file descriptors via SCM RIGHTS. During socket setup or teardown, both the socket pointer and the socket's sk pointer can be NULL. The function attempts to access sock->sk->sk family without verifying if sock or sock->sk are NULL, leading to a kernel crash.Recommendations
Update the Linux kernel to a version where NULL checks for
sock and sock->sk are implemented in the unix needs revalidation() function before accessing sk family.Exploit
Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Linux Kernel
Ubuntu