NULL Pointer Dereference in Linux Kernel Affects System Stability
CVE-2026-43271

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43271?

A NULL pointer dereference vulnerability exists in the Linux Kernel's process_metadata_update function, which can lead to kernel panic under specific conditions. During the MD array startup sequence, if a METADATA_UPDATED message is received prematurely, the processing of this message occurs while the main metadata thread is uninitialized. This race condition can result in critical system failure. To mitigate this, developers must implement a check for the thread pointer's validity and return early if it is NULL, ensuring system stability.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 721599e837d3f4c0e6cc14da059612c017b6d3ec

References

https://git.kernel.org/stable/c/a61c1bc84c4a0f1e7c2fe55b0...

https://git.kernel.org/stable/c/dec123825c1ed74d98fd5fc75...

https://git.kernel.org/stable/c/721599e837d3f4c0e6cc14da0...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43271 Data

JSON