Dangling Pointer Vulnerability in Linux Kernel XFS Module
CVE-2026-43063

Currently unrated

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
5 May 2026

What is CVE-2026-43063?

A vulnerability has been identified in the XFS filesystem module of the Linux kernel, where a failure during log recovery can lead to dereferencing a dangling pointer. Specifically, when the xlog_recovery_iget functions return an error, they do not set the @ip variable to a valid pointer. Any subsequent attempt to release that pointer therefore operates on a dangling pointer, which can cause instability and open potential exploit pathways. The flaw underscores the importance of proper pointer management in kernel code to maintain system integrity.

Affected Version(s)

Linux ae673f534a30976ce5e709c4535a59c12b786ef3

Linux ae673f534a30976ce5e709c4535a59c12b786ef3 < 40082d08b638485cbaa543dc8087a3d1844d6f08

Timeline

  • Vulnerability published

  • Vulnerability Reserved
