Memory Allocation Flaw in Linux Kernel Affects AFS Protocol Handling
CVE-2026-43463

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 8 May 2026

What is CVE-2026-43463?

A vulnerability has been identified in the Linux kernel's handling of the AFS protocol: the function rxrpc_kernel_lookup_peer() could return error pointers. The issue arises from insufficient error checking after memory allocation: the return value was previously checked only for NULL, which is inadequate because an error pointer is not NULL and passes that check. The fix changes rxrpc_kernel_lookup_peer() to return an appropriate error code (-ENOMEM) on allocation failures and ensures that its callers use IS_ERR() and PTR_ERR() to handle these errors correctly.
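
The NULL-versus-error-pointer mismatch described above, as an added example that is not the kernel's own code: a userspace C model showing a NULL-only check letting an error pointer through, next to the IS_ERR()/PTR_ERR() form. ERR_PTR(), IS_ERR() and PTR_ERR() are re-created locally, and struct peer, lookup_peer() and both callers are hypothetical stand-ins.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace copies of the kernel's include/linux/err.h helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct peer { int id; };  /* hypothetical stand-in for the real peer object */

/* Hypothetical lookup: error pointer on failure, never NULL (fail_errno simulates one). */
static struct peer *lookup_peer(int fail_errno)
{
    if (fail_errno)
        return ERR_PTR(-fail_errno);
    struct peer *p = calloc(1, sizeof(*p));
    return p ? p : ERR_PTR(-ENOMEM);
}

/* Before: NULL-only check. Returns 1 when an error pointer slipped through. */
static int caller_null_only(int fail_errno)
{
    struct peer *p = lookup_peer(fail_errno);
    if (!p)             /* the only test performed before the fix */
        return -ENOMEM;
    if (IS_ERR(p))      /* demo instrumentation, not part of the flawed logic */
        return 1;       /* real code would go on to dereference p here */
    free(p);
    return 0;
}

/* After: IS_ERR()/PTR_ERR() propagate the encoded errno to the caller. */
static int caller_is_err(int fail_errno)
{
    struct peer *p = lookup_peer(fail_errno);
    if (IS_ERR(p))
        return (int)PTR_ERR(p);
    free(p);
    return 0;
}

int main(void)
{
    printf("NULL-only: %d, IS_ERR: %d\n", caller_null_only(ENOMEM), caller_is_err(ENOMEM));
    return 0;
}
```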

Affected Version(s)

Linux 72904d7b9bfbf2dd146254edea93958bc35bbbfe

Linux 72904d7b9bfbf2dd146254edea93958bc35bbbfe < 54331c5dcc6d97683d7ca2788e7ef9c9505e1477

Linux 72904d7b9bfbf2dd146254edea93958bc35bbbfe < 4245a79003adf30e67f8e9060915bd05cb31d142

Timeline

  • Vulnerability published

  • Vulnerability Reserved
