NULL Pointer Dereference Vulnerability in Linux Kernel by Vendor
CVE-2026-43282

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43282?

The Linux kernel contains a vulnerability in the ionic_query_port function, which fails to validate the return value from ib_device_get_netdev(). This oversight can result in a NULL pointer dereference, potentially impacting system stability and performance. The issue has been mitigated by adding a return check for the device, ensuring that a NULL device leads to an -ENODEV error return. Proper checks in code are crucial to maintain kernel integrity and prevent unexpected behavior.

Affected Version(s)

Linux 2075bbe8ef03914aa2211035eec45d1d3a5c4ff2 < 2b96156c927cd83c109e2e3946e6111dce73231f

Linux 2075bbe8ef03914aa2211035eec45d1d3a5c4ff2 < 81932a46dfd0db10a03f46f0b1c7ef946ac4552f

Linux 2075bbe8ef03914aa2211035eec45d1d3a5c4ff2

References

https://git.kernel.org/stable/c/2b96156c927cd83c109e2e394...

https://git.kernel.org/stable/c/81932a46dfd0db10a03f46f0b...

https://git.kernel.org/stable/c/fd80bd7105f88189f47d465ca...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43282 Data

JSON