CVE-2026-43055
Analyzed Analyzed - Analysis Complete
Linux Kernel SCSI Target File Use-After-Free

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_stream. When a write command fd_execute_rw_aio() is executed, we may get a bogus ki_write_stream value, causing unintended write failure status when checking iocb->ki_write_stream > max_write_streams in the block device. Let's just use kzalloc_flex when allocating the aio_cmd and let ki_write_stream=0 to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43055
EUVD
EUVD-2026-26654
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.12 (exc)
linux linux_kernel From 6.16 (inc) to 6.18.22 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can cause unintended write failures during asynchronous I/O operations on the affected Linux kernel. As a result, write commands may fail unexpectedly, potentially leading to data write errors or disruptions in applications relying on these write operations.

Executive Summary

This vulnerability exists in the Linux kernel's SCSI target file handling. Specifically, the target_core_file component does not properly initialize the aio_cmd's iocb field for ki_write_stream. When a write command (fd_execute_rw_aio()) is executed, the ki_write_stream value may be incorrect or bogus. This can cause unintended write failures when the system checks if iocb->ki_write_stream exceeds the maximum allowed write streams in the block device.

The fix involves using kzalloc_flex to allocate the aio_cmd structure, which ensures that ki_write_stream is initialized to zero, preventing the erroneous write failure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43055. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart