Vulnerability in Linux Kernel's RDS Component Affecting Multiple Hardware Vendors
CVE-2026-52939

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 June 2026

What is CVE-2026-52939?

A vulnerability exists in the RDS (Reliable Datagram Sockets) component of the Linux kernel wherein a NULL pointer dereference can occur when handling masked atomic operations. The issue arises when the rds_ib_send_cqe_handler() function processes a masked atomic completion. Due to the improper handling of specific opcodes, it leads to a potential kernel panic, triggering a fatal exception during operation. This flaw particularly affects unprivileged users sending atomic messages over an active RDS/IB connection, potentially compromising system stability.

Affected Version(s)

Linux 20c72bd5f5f902e5a8745d51573699605bf8d21c

Linux 20c72bd5f5f902e5a8745d51573699605bf8d21c < 4dd262f875e87653df50b138de1390ab0628e6b7

Linux 20c72bd5f5f902e5a8745d51573699605bf8d21c < 6e4615164d185a26badb2f376a2449f4d174a5f0

References

https://git.kernel.org/stable/c/a0148342badd8c9b2e4655176...

https://git.kernel.org/stable/c/4dd262f875e87653df50b138d...

https://git.kernel.org/stable/c/6e4615164d185a26badb2f376...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-52939 Data

JSON