CVE-2026-43055
Linux Kernel SCSI Target File Use-After-Free
Publication date: 2026-05-01
Last updated on: 2026-05-03
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can cause unintended write failures during asynchronous I/O operations on the affected Linux kernel. As a result, write commands may fail unexpectedly, potentially leading to data write errors or disruptions in applications relying on these write operations.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's SCSI target file handling. Specifically, the target_core_file component does not properly initialize the aio_cmd's iocb field for ki_write_stream. When a write command (fd_execute_rw_aio()) is executed, the ki_write_stream value may be incorrect or bogus. This can cause unintended write failures when the system checks if iocb->ki_write_stream exceeds the maximum allowed write streams in the block device.
The fix involves using kzalloc_flex to allocate the aio_cmd structure, which ensures that ki_write_stream is initialized to zero, preventing the erroneous write failure.