Linux Kernel Stratix 10 NULL Pointer Dereference Vulnerability in Remote System Update Driver

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's Stratix 10 Remote System Update (RSU) driver. This issue occurs when RSU is disabled in the First Stage Boot Loader (FSBL). The driver attempts to execute a thread that accesses a freed channel, leading to a kernel panic. The vulnerability arises because the driver fails to properly handle the absence of RSU, allowing a thread to be registered with an invalid channel, which then causes the NULL pointer dereference.
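The ordering flaw described above, as an added example that is not the driver's code or the upstream patch: a simplified user-space C model in which every name, status value and return code is hypothetical, contrasting setup that registers the worker after releasing the channel with setup that stops as soon as RSU is found disabled.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified user-space model; every name here is hypothetical. */
struct chan { int id; };
struct rsu_priv {
    struct chan *chan;      /* service channel; NULL once released */
    int worker_registered;  /* stands in for the driver's thread */
};
enum { FSBL_RSU_ENABLED = 0, FSBL_RSU_DISABLED = 1 };  /* constructed values */

static void release_chan(struct rsu_priv *p) { free(p->chan); p->chan = NULL; }

/* True when a registered worker would run against a released channel,
 * which in kernel context is the NULL dereference and panic. */
static int worker_hits_null(const struct rsu_priv *p) { return p->worker_registered && !p->chan; }

/* Flawed ordering: the channel is released when RSU is disabled,
 * but setup carries on and registers the worker anyway. */
static int probe_flawed(struct rsu_priv *p, int fsbl)
{
    p->chan = calloc(1, sizeof(*p->chan));
    if (!p->chan) return -1;
    if (fsbl == FSBL_RSU_DISABLED)
        release_chan(p);
    p->worker_registered = 1;
    return 0;
}

/* Hardened ordering: stop setup as soon as RSU is found disabled,
 * so no worker ever holds the released channel. */
static int probe_hardened(struct rsu_priv *p, int fsbl)
{
    p->chan = calloc(1, sizeof(*p->chan));
    if (!p->chan) return -1;
    if (fsbl == FSBL_RSU_DISABLED) {
        release_chan(p);
        return -2;  /* constructed "no device" code */
    }
    p->worker_registered = 1;
    return 0;
}

int main(void)
{
    struct rsu_priv a = {0}, b = {0};
    probe_flawed(&a, FSBL_RSU_DISABLED);
    probe_hardened(&b, FSBL_RSU_DISABLED);
    printf("flawed=%d hardened=%d\n", worker_hits_null(&a), worker_hits_null(&b));
}
```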

Impact

Exploitation of this vulnerability leads to a kernel panic due to a NULL pointer dereference, causing a denial of service by crashing the kernel.

Remediation

Users can apply the available patch in the Linux kernel stable tree to address this vulnerability.

Added: May 8, 2026, 8:50 PM
Updated: May 8, 2026, 8:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 7.8
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.