CVE-2026-43463
Analyzed Analyzed - Analysis Complete
Kernel NULL Pointer Dereference in Linux rxrpc and afs

Publication date: 2026-05-08

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: (1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL on allocation failure. (2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the error code returned.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-20
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43463
EUVD
EUVD-2026-28769
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7.3 (inc) to 6.8 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 6.8 (inc) to 6.18.19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's rxrpc and afs components. The issue is due to a missing error pointer check after the function rxrpc_kernel_lookup_peer() is called. This function can return error pointers in addition to NULL, but previously only NULL was checked, which is insufficient.

The fix involved changing rxrpc_kernel_lookup_peer() to return a specific error code (-ENOMEM) instead of NULL when an allocation failure occurs, and updating the callers in afs to properly check for error pointers using IS_ERR() and PTR_ERR() macros.

Mitigation Strategies

To mitigate this vulnerability, update the Linux kernel to a version where the rxrpc and afs components have been fixed to properly handle error pointers after rxrpc_kernel_lookup_peer(). This includes the changes where rxrpc_kernel_lookup_peer() returns -ENOMEM instead of NULL on allocation failure and callers use IS_ERR() and PTR_ERR() to handle error codes correctly.

Impact Analysis

This vulnerability involves a missing error pointer check in the Linux kernel's rxrpc and afs components. Specifically, rxrpc_kernel_lookup_peer() can return error pointers in addition to NULL, but the code only checked for NULL, which is insufficient.

The impact could be that error conditions are not properly handled, potentially leading to incorrect behavior or crashes in the kernel components that rely on this function.

The fix involves changing the function to return a specific error code (-ENOMEM) instead of NULL on allocation failure and updating callers to properly check for error pointers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43463. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart