CVE-2026-43473
Analyzed Analyzed - Analysis Complete
NULL Pointer Dereference in Linux Kernel mpi3mr Driver

Publication date: 2026-05-08

Last updated on: 2026-05-21

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to freed memory. This issue occurred when the creation of reply or request queues failed, and the driver freed the memory first, but attempted to mem set the content of the freed memory, leading to a system crash. Add NULL pointer checks for reply and request queues before accessing the reply/request memory during cleanup
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-21
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43473
EUVD
EUVD-2026-28779
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 5.17 (inc) to 6.1.167 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability is resolved by adding NULL pointer checks in the Linux kernel's mpi3mr driver to prevent crashes during resource cleanup.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Executive Summary

This vulnerability exists in the Linux kernel's mpi3mr SCSI driver. It occurs when the driver attempts to reset request and reply queues during resource cleanup. If the creation of these queues fails, the driver frees the associated memory but then tries to access and modify this freed memory without checking if the pointers are NULL. This leads to a system crash.

The fix involved adding NULL pointer checks before accessing the reply and request queues during cleanup to prevent the driver from accessing freed memory.

Impact Analysis

This vulnerability can cause the system to crash when the mpi3mr driver attempts to clean up resources after a failure in creating request or reply queues. Such crashes can lead to system instability, potential downtime, and disruption of services running on the affected Linux system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43473. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart