CVE-2026-43431
NULL Pointer Dereference in Linux Kernel XHCI Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference bug in the Linux kernel's xhci driver related to portli debugfs files.
It occurs when the number of port registers counted in xhci->max_ports is greater than the number of ports reported by Supported Protocol capabilities. This mismatch can happen if max_ports exceeds the maximum port number or if there are gaps between ports of different speeds.
In such cases, a pointer (port->rhub) becomes NULL, and the code attempts to dereference it, causing a kernel Oops (crash). The fix adds an explicit NULL check to prevent dereferencing the NULL pointer.
How can this vulnerability impact me? :
This vulnerability can cause the Linux kernel to crash (kernel Oops) when accessing certain debugfs files related to USB ports.
A kernel crash can lead to system instability, potential denial of service, and disruption of normal operations.