Linux Kernel IPsec Resource Cleanup Vulnerability in Mellanox Switchdev Mode

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's handling of IPsec resources for Mellanox devices when they are transitioned to switchdev mode. The issue affects kernel versions through 6.19.0-rc5 and is caused by improper cleanup of IPsec resources on devices that do not support IPsec; the cleanup path dereferences a NULL pointer and the kernel crashes. The vulnerability can be reproduced by moving a Mellanox device without IPsec support into switchdev mode, which triggers a kernel NULL pointer dereference.

Impact

The vulnerability causes a kernel NULL pointer dereference, leading to a crash of the affected host (a denial of service).

Reproduction

To reproduce this vulnerability, move a Mellanox device that does not support IPsec into switchdev mode on a host running a Linux kernel version through 6.19.0-rc5. This triggers a NULL pointer dereference in the kernel and causes a crash.

Remediation

Users can upgrade to a patched version of the Linux kernel that includes the fix for this vulnerability. The patch is available in the Linux kernel stable tree; distribution kernels may carry it as a backport under an older version number, so check your distribution's advisories rather than relying on the version number alone.
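As an added example that is not part of this advisory, the following Python helper triages a fleet's kernel release strings (as reported by `uname -r`) against the "through 6.19.0-rc5" window stated above. The inventory is constructed sample data, and the "possibly affected" verdict is deliberately conservative: it flags anything at or below 6.19.0-rc5 and treats release-candidate kernels as older than the final release of the same number. Because stable and distribution kernels backport fixes without changing the major version, a flagged host still needs to be confirmed against the vendor's advisory.

```python
import re
from typing import Optional, Tuple

# Upper bound of the affected window stated in the advisory: 6.19.0-rc5.
AFFECTED_THROUGH = (6, 19, 0, 5)

KernelVersion = Tuple[int, int, int, Optional[int]]


def parse_kernel_version(release: str) -> KernelVersion:
    """Parse a `uname -r` style string into (major, minor, patch, rc).

    Distribution suffixes such as "-91-generic" or ".el9" are ignored;
    only the leading numeric version and an optional "-rcN" are read.
    """
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else None)


def version_key(v: KernelVersion):
    """Sort key in which an -rcN kernel orders before the final release."""
    major, minor, patch, rc = v
    is_final = 1 if rc is None else 0
    return (major, minor, patch, is_final, rc or 0)


def possibly_affected(release: str) -> bool:
    """True if the release falls at or below 6.19.0-rc5.

    Conservative by design: a distribution kernel below the bound may
    already carry the fix as a backport, so this is a screening step,
    not a final verdict.
    """
    return version_key(parse_kernel_version(release)) <= version_key(AFFECTED_THROUGH)


def triage(inventory):
    """Return {hostname: verdict} for an iterable of (hostname, release)."""
    report = {}
    for host, release in inventory:
        try:
            verdict = "possibly affected" if possibly_affected(release) else "outside window"
        except ValueError:
            verdict = "unparseable release"
        report[host] = verdict
    return report


# Constructed sample inventory (hypothetical hostnames and releases).
SAMPLE_INVENTORY = [
    ("edge-01", "6.19.0-rc5"),
    ("edge-02", "6.19.0-rc6"),
    ("edge-03", "6.19.0"),
    ("legacy-01", "5.15.0-91-generic"),
    ("lab-01", "6.20.0-rc1"),
    ("odd-01", "custom-build"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {verdict}")
```

Hosts marked "possibly affected" should be cross-checked against the distribution's changelog for the backported fix; hosts that have never placed a Mellanox device into switchdev mode are not exposed to the crash path described above, but the kernel should still be updated.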

Added: May 8, 2026, 7:04 PM
Updated: May 8, 2026, 7:04 PM

Vulnerability Rating

Custom Algorithm (each category scored 0.0 to 10.0)

spread:         9.0
impact:         2.5
exploitability: 3.9
remediation:    7.7
relevance:      7.8
threat:         4.8
urgency:        2.9
incentive:      0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.