CVE-2026-43013
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Linux Kernel MLX5 LAG DebugFS

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: lag: Check for LAG device before creating debugfs __mlx5_lag_dev_add_mdev() may return 0 (success) even when an error occurs that is handled gracefully. Consequently, the initialization flow proceeds to call mlx5_ldev_add_debugfs() even when there is no valid LAG context. mlx5_ldev_add_debugfs() blindly created the debugfs directory and attributes. This exposed interfaces (like the members file) that rely on a valid ldev pointer, leading to potential NULL pointer dereferences if accessed when ldev is NULL. Add a check to verify that mlx5_lag_dev(dev) returns a valid pointer before attempting to create the debugfs entries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43013
EUVD
EUVD-2026-26612
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.13 (inc) to 6.18.22 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.81 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.134 (exc)
linux linux_kernel From 5.19 (inc) to 6.1.168 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the fix has been applied. The fix involves adding a check to verify that mlx5_lag_dev(dev) returns a valid pointer before creating debugfs entries, preventing NULL pointer dereferences.

If updating immediately is not possible, avoid accessing debugfs interfaces related to the mlx5 LAG device, as they may trigger the NULL pointer dereference.

Executive Summary

This vulnerability exists in the Linux kernel's mlx5 network driver related to Link Aggregation Group (LAG) devices. The function __mlx5_lag_dev_add_mdev() may incorrectly return success even when an error occurs. As a result, the initialization process continues and calls mlx5_ldev_add_debugfs() without a valid LAG device context.

The mlx5_ldev_add_debugfs() function then creates debugfs directories and attributes blindly, including interfaces like the members file that expect a valid LAG device pointer. If accessed when the LAG device pointer is NULL, this can lead to NULL pointer dereferences, potentially causing crashes or undefined behavior.

The fix involves adding a check to ensure that mlx5_lag_dev(dev) returns a valid pointer before creating debugfs entries.

Impact Analysis

This vulnerability can lead to NULL pointer dereferences in the Linux kernel's network driver, which may cause system instability or crashes if the debugfs interfaces are accessed when the LAG device context is invalid.

Such crashes or undefined behavior could disrupt network functionality or system operations, potentially leading to denial of service conditions on affected systems.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43013. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart