NULL Pointer Vulnerability in Linux Kernel Driver for SCSI
CVE-2026-43473

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43473?

A vulnerability exists within the Linux kernel's SCSI driver where NULL checks were missing during the cleanup process of reply and request queues. This flaw could result in a system crash if the driver attempts to access freed memory after failing to create these queues, leading to undefined behavior. Guidance has been provided to implement NULL pointer checks to prevent this condition, thus enhancing system stability and reliability during resource cleanup.

Affected Version(s)

Linux fe6db615156573d3f6a37564b8a590cb03bbaf25 < 7df0296ad4e9253d12c6dbe7f120044dddc95600

Linux fe6db615156573d3f6a37564b8a590cb03bbaf25 < 7da755e0d02e9ca035065127e108d1fed8950dc8

Linux fe6db615156573d3f6a37564b8a590cb03bbaf25 < 78d3f201f8b609928eade53cf03a52df5415aaf7

References

https://git.kernel.org/stable/c/7df0296ad4e9253d12c6dbe7f...

https://git.kernel.org/stable/c/7da755e0d02e9ca035065127e...

https://git.kernel.org/stable/c/78d3f201f8b609928eade53cf...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43473 Data

JSON