{"cve":{"cve_id":"CVE-2026-52941","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":null,"epss_percentile":null,"epss_as_of":null,"description":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint\n\nThe smc_msg_event tracepoint class, shared by smc_tx_sendmsg and\nsmc_rx_recvmsg, unconditionally dereferences smc->conn.lnk:\n\n\t__string(name, smc->conn.lnk->ibname)\n\nconn->lnk is only set for SMC-R; for SMC-D it is NULL. Other code on\nthese paths already handles this (e.g. !conn->lnk in\nSMC_STAT_RMB_TX_SIZE_SMALL()). With the tracepoint enabled, the first\nsendmsg()/recvmsg() on an SMC-D socket crashes:\n\n  Oops: general protection fault, probably for non-canonical address\n  KASAN: null-ptr-deref in range [...]\n  RIP: 0010:strlen+0x1e/0xa0\n  Call Trace:\n   trace_event_raw_event_smc_msg_event (net/smc/smc_tracepoint.h:44)\n   smc_rx_recvmsg (net/smc/smc_rx.c:515)\n   smc_recvmsg (net/smc/af_smc.c:2859)\n   __sys_recvfrom (net/socket.c:2315)\n   __x64_sys_recvfrom (net/socket.c:2326)\n   do_syscall_64\n\nThe faulting address 0x3e0 is offsetof(struct smc_link, ibname),\nconfirming the NULL ->lnk deref. Enabling the tracepoint requires\nroot, but the trigger itself is unprivileged: socket(AF_SMC, ...) has\nno capability check, and SMC-D negotiation needs no admin step on\ns390 or on x86 with the loopback ISM device loaded.\n\nLog an empty device name for SMC-D instead of dereferencing NULL.","published_at":"2026-06-24T07:14:29.943000Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":null,"nvd_references":["https://git.kernel.org/stable/c/68200112534bb2acd1d7117dc2d5c124868d866d","https://git.kernel.org/stable/c/720c76b930c52cd58f50eb6b10569d03dccc7959","https://git.kernel.org/stable/c/b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef","https://git.kernel.org/stable/c/d2ea0b8aef8746e147602eac87ca8538f4bc7e66","https://git.kernel.org/stable/c/561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f","https://git.kernel.org/stable/c/7bf563badd37cb796df5477d2b78bb64148a1268"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-28T17:55:22.518073Z","updated_at":"2026-06-28T23:30:49.890169Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","version_start_inclusive":true,"version_end":"68200112534bb2acd1d7117dc2d5c124868d866d","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84:68200112534bb2acd1d7117dc2d5c124868d866d"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","version_start_inclusive":true,"version_end":"720c76b930c52cd58f50eb6b10569d03dccc7959","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84:720c76b930c52cd58f50eb6b10569d03dccc7959"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","version_start_inclusive":true,"version_end":"b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84:b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","version_start_inclusive":true,"version_end":"d2ea0b8aef8746e147602eac87ca8538f4bc7e66","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84:d2ea0b8aef8746e147602eac87ca8538f4bc7e66"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","version_start_inclusive":true,"version_end":"561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84:561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84","version_start_inclusive":true,"version_end":"7bf563badd37cb796df5477d2b78bb64148a1268","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:aff3083f10bff7a37eaa2b4e6bc5fb627ddd5f84:7bf563badd37cb796df5477d2b78bb64148a1268"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"5.16","version_start_inclusive":true,"version_end":"5.16","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:5.16:5.16"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"0","version_start_inclusive":true,"version_end":"5.16","version_end_inclusive":false,"cpe23_uri":"cve5:linux:linux:0:5.16"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.1.175","version_start_inclusive":true,"version_end":"6.1.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.1.175:6.1.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.6.142","version_start_inclusive":true,"version_end":"6.6.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.6.142:6.6.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.12.92","version_start_inclusive":true,"version_end":"6.12.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.12.92:6.12.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"6.18.34","version_start_inclusive":true,"version_end":"6.18.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:6.18.34:6.18.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.0.11","version_start_inclusive":true,"version_end":"7.0.*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.0.11:7.0.*"},{"vendor_slug":"linux","vendor_name":"Linux","product_slug":"linux","product_name":"Linux","version_start":"7.1","version_start_inclusive":true,"version_end":"*","version_end_inclusive":true,"cpe23_uri":"cve5:linux:linux:7.1:*"}],"exploit_refs":[],"news":[],"references":[{"url":"https://git.kernel.org/stable/c/68200112534bb2acd1d7117dc2d5c124868d866d","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/720c76b930c52cd58f50eb6b10569d03dccc7959","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/b706d6d76a2a2793fe5ad0fbc2a75b6a460094ef","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/d2ea0b8aef8746e147602eac87ca8538f4bc7e66","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/561cf66fa9b6c86dfe4e687d2d1aeaaa6739917f","source_type":"MISC","tags":[]},{"url":"https://git.kernel.org/stable/c/7bf563badd37cb796df5477d2b78bb64148a1268","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2026-06-24T07:14:29.943000Z","label":"CVE published","source":null}]}