HIGH | CVE-2026-4652 | Published | Modified | CNA: freebsd
CVE-2026-4652: Remote denial of service via null pointer dereference
On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service condition on the affected machine.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: p5
- Affected Products: 1
Fix available: p5
Affected packages
- FreeBSD / FreeBSD < p5 (from 15.0-RELEASE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References