Buffer Initialization Vulnerability in Linux Kernel
CVE-2026-43055

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 May 2026

What is CVE-2026-43055?

In the Linux kernel's SCSI target subsystem, the ki_write_stream field of aio_cmd->iocb is not properly initialized. When a write command is executed, the erroneous ki_write_stream value can produce misleading write failure statuses, because iocb->ki_write_stream is compared against the maximum allowed value. The issue has been addressed by switching the aio_cmd allocation to kzalloc_flex, which ensures that ki_write_stream is initialized to zero and keeps SCSI target writes from failing on stale data.
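The bug class described above, as a userspace model added here for illustration (it is not kernel code and not the upstream patch). Every identifier is hypothetical, and the 0xA5 fill, the stream limit of 0 and the `-EINVAL` return are assumptions chosen to make the stale-field behaviour deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace model; none of these names are kernel identifiers. */
#define MODEL_MAX_WRITE_STREAMS 0u  /* assumed: device exposes no write streams */

struct model_iocb { long pos; unsigned int write_stream; /* models ki_write_stream */ };
struct model_aio_cmd {
    struct model_iocb iocb;
    size_t nr_vecs;
    int vecs[];                     /* flexible array member */
};

/* Non-zeroing allocation. The 0xA5 fill is a constructed stand-in for
 * whatever stale bytes a real heap would hand back. */
static struct model_aio_cmd *alloc_stale(size_t n)
{
    size_t sz = sizeof(struct model_aio_cmd) + n * sizeof(int);
    struct model_aio_cmd *c = malloc(sz);
    if (c) memset(c, 0xA5, sz);
    return c;
}

/* Zeroing allocation: the userspace analogue of switching to kzalloc_flex. */
static struct model_aio_cmd *alloc_zeroed(size_t n)
{
    return calloc(1, sizeof(struct model_aio_cmd) + n * sizeof(int));
}

/* The caller assigns only the fields it knows about; write_stream is never set. */
static int submit_write(struct model_aio_cmd *c, long pos, size_t n)
{
    if (!c) return -ENOMEM;
    c->iocb.pos = pos;
    c->nr_vecs = n;
    if (c->iocb.write_stream > MODEL_MAX_WRITE_STREAMS)
        return -EINVAL;             /* spurious failure caused by the stale field */
    return 0;
}

static int run_model(int zeroed)
{
    struct model_aio_cmd *c = zeroed ? alloc_zeroed(4) : alloc_stale(4);
    int rc = submit_write(c, 0, 4);
    free(c);
    return rc;
}
int main(void) { printf("stale=%d zeroed=%d\n", run_model(0), run_model(1)); return 0; }
```

The same write succeeds or fails depending only on what the allocator left in the unassigned field, which is why zero-initializing the whole allocation is more robust than assigning fields one by one.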

Affected Version(s)

Linux 732f25a2895a8c1c54fb56544f0b1e23770ef4d7

Linux 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 < 4eaff1728d0e69b95933412241bbccf4f797dba8

Linux 732f25a2895a8c1c54fb56544f0b1e23770ef4d7 < 01f784fc9d0ab2a6dac45ee443620e517cb2a19b

Timeline

  • Vulnerability published

  • Vulnerability Reserved
