Skip to main content

Linux Kernel CVE-2026-43013

| EUVDEUVD-2026-26612 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-05-01 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

7
Analysis Generated
May 07, 2026 - 20:37 vuln.today
CVSS changed
May 07, 2026 - 20:37 NVD
5.5 (MEDIUM)
Patch available
May 01, 2026 - 16:33 EUVD
Patch released
May 01, 2026 - 15:24 nvd
Patch available
EUVD ID Assigned
May 01, 2026 - 15:00 euvd
EUVD-2026-26612
CVE Published
May 01, 2026 - 14:15 nvd
MEDIUM 5.5
CVE Published
May 01, 2026 - 14:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: lag: Check for LAG device before creating debugfs

__mlx5_lag_dev_add_mdev() may return 0 (success) even when an error occurs that is handled gracefully. Consequently, the initialization flow proceeds to call mlx5_ldev_add_debugfs() even when there is no valid LAG context.

mlx5_ldev_add_debugfs() blindly created the debugfs directory and attributes. This exposed interfaces (like the members file) that rely on a valid ldev pointer, leading to potential NULL pointer dereferences if accessed when ldev is NULL.

Add a check to verify that mlx5_lag_dev(dev) returns a valid pointer before attempting to create the debugfs entries.

AnalysisAI

Null pointer dereference in Linux kernel net/mlx5 LAG (Link Aggregation) driver allows local authenticated attackers to cause denial of service by accessing debugfs interfaces when LAG device context is invalid. The vulnerability exists in mlx5_ldev_add_debugfs() which creates debugfs entries without validating that a valid LAG context exists, exposing the members file and other interfaces that depend on a valid ldev pointer. EPSS exploitation probability is 0.02% (percentile 7%), indicating low real-world exploitation likelihood despite the vulnerability's availability for patching.

Technical ContextAI

The vulnerability resides in the Mellanox mlx5 driver's LAG (Link Aggregation Group) implementation within the Linux kernel network stack. The mlx5 driver supports multi-port network interfaces with LAG functionality for failover and load balancing. The __mlx5_lag_dev_add_mdev() function may return success (0) even when a recoverable error occurs during LAG initialization, allowing execution to proceed to mlx5_ldev_add_debugfs(). This function unconditionally creates debugfs entries (kernel debug filesystem interfaces) including the 'members' attribute without first verifying that mlx5_lag_dev(dev) returns a valid non-NULL pointer. The debugfs interfaces are designed to expose LAG device state information but internally dereference the ldev (LAG device) pointer without null checks, creating a CWE-476 NULL pointer dereference condition. CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:* indicates this affects the Linux kernel across versions.

RemediationAI

Apply kernel updates patching the vulnerability: Linux 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, or 7.0. For systems unable to update immediately, disable LAG functionality on mlx5 network interfaces by avoiding multi-device bonding configurations or reverting to single-port mode; this eliminates the initialization error path that triggers the vulnerability. Additionally, restrict local user access to debugfs by mounting with 'debugfs_restricted' or removing debugfs entirely from production systems if debug interfaces are not required. Kernel commit patches are available at https://git.kernel.org/stable/ and integrated into stable kernel branches; vendors (Red Hat, Ubuntu, SUSE, etc.) typically backport these fixes within 1-2 weeks of upstream release. Note: Disabling LAG reduces network redundancy and must be weighed against availability requirements.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43013 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy