CVE-2026-43473
Published: May 9, 2026Last modified: May 9, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to freed memory. This issue occurred when the creation of reply or request queues failed, and the driver freed the memory first, but attempted to mem set the content of the freed memory, leading to a system crash. Add NULL pointer checks for reply and request queues before accessing the reply/request memory during cleanup
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.167-r0) |
| 25 LTS | linux-lts | Fixed (6.12.80-r0) | |
| Stream | linux-lts | Fixed (6.12.80-r0) |
References
- https://git.kernel.org/stable/c/220d7ca70611a73d50ef8e9edac630ed1ececb7c
- https://git.kernel.org/stable/c/78d3f201f8b609928eade53cf03a52df5415aaf7
- https://git.kernel.org/stable/c/7da755e0d02e9ca035065127e108d1fed8950dc8
- https://git.kernel.org/stable/c/7df0296ad4e9253d12c6dbe7f120044dddc95600
- https://git.kernel.org/stable/c/e978a36f332ede78eb4de037b517db16265d420d
- https://git.kernel.org/stable/c/fa96392ebebc8fade2b878acb14cce0f71016503