Linux Kernel Vulnerability in UFS Command Trace by Vendor
CVE-2026-43471

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43471?

A vulnerability exists in the Linux kernel related to the UFS command trace functionality, leading to a potential kernel crash. This issue arises when a NULL pointer is dereferenced during the execution of the 'ufshcd_add_command_trace' function due to a failed hardware queue assignment. The bug fix involves incorporating a NULL check prior to accessing the hardware queue's ID field, thus enhancing kernel stability and security. Affected versions may experience significant operational disruptions if this flaw is exploited.

Affected Version(s)

Linux bed0896008334eeee4b4bfd7150491ca098cbf72 < 0614f5618c24fbc3d555efade22887b102ad7ad6

Linux 9307a998cb9846a2557fdca286997430bee36a2a

References

https://git.kernel.org/stable/c/0614f5618c24fbc3d555efade...

https://git.kernel.org/stable/c/be730f9ee92ae08f2bc4b3369...

https://git.kernel.org/stable/c/f4f590c6c9df7453bbda2ef91...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43471 Data

JSON