PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-52939 Linux CVE debrief

A vulnerability in the Linux kernel's RDS/IB (Remote Direct Memory Access over InfiniBand) implementation could allow an unprivileged user to trigger a NULL pointer dereference. The issue arises from the handling of masked atomic completions in the rds_ib_send_cqe_handler() function. When a masked atomic opcode is used, the function does not properly handle it, leading to a NULL pointer dereference. This vulnerability can be triggered by sending an atomic cmsg over an active RDS/IB connection using the AF_RDS socket.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-24
Original CVE updated
2026-07-07
Advisory published
2026-06-24
Advisory updated
2026-07-07

Who should care

System administrators and users of Linux-based systems, particularly those using RDS/IB, should be aware of this vulnerability. An unprivileged user could potentially exploit this vulnerability to cause a denial-of-service (DoS) or possibly execute arbitrary code with elevated privileges.

Technical summary

The vulnerability is caused by the rds_ib_send_unmap_op() function not handling masked atomic opcodes correctly. The function only handles non-masked opcodes, and when a masked atomic completion is encountered, it falls through to the default case and returns a NULL pointer. The rds_ib_send_cqe_handler() function then dereferences this NULL pointer, causing a NULL pointer dereference error. The issue can be resolved by properly handling masked atomic opcodes in the rds_ib_send_unmap_op() function.

Defensive priority

High

Recommended defensive actions

  • Apply the official patch or update to a fixed version of the Linux kernel
  • Restrict access to RDS/IB connections to only privileged users
  • Monitor system logs for suspicious activity related to RDS/IB
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The vulnerability was resolved by handling masked atomic opcodes in the same case as non-masked ones. The existing container_of()/rds_ib_send_unmap_atomic() body is correct for them. The fix involves modifying the rds_ib_send_unmap_op() function to properly handle masked atomic completions.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-24T08:16:24.160Z and has not been modified since then.