CVE-2026-43473
NULL Pointer Dereference in Linux Kernel mpi3mr Driver
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is resolved by adding NULL pointer checks in the Linux kernel's mpi3mr driver to prevent crashes during resource cleanup.
To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's mpi3mr SCSI driver. It occurs when the driver attempts to reset request and reply queues during resource cleanup. If the creation of these queues fails, the driver frees the associated memory but then tries to access and modify this freed memory without checking if the pointers are NULL. This leads to a system crash.
The fix involved adding NULL pointer checks before accessing the reply and request queues during cleanup to prevent the driver from accessing freed memory.
How can this vulnerability impact me? :
This vulnerability can cause the system to crash when the mpi3mr driver attempts to clean up resources after a failure in creating request or reply queues. Such crashes can lead to system instability, potential downtime, and disruption of services running on the affected Linux system.