PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43431 Linux CVE debrief

CVE-2026-43431 is a Linux kernel xhci bug in the recently added portli debugfs files. When the controller reports more ports than its Supported Protocol capabilities describe, or when ports of different speeds leave gaps in the port array, the affected ports have no roothub (port->rhub is NULL), and reading the debugfs entry for such a port dereferences a NULL pointer and crashes the kernel. NVD rates the issue CVSS 5.5 (medium): local access, low privileges, no user interaction, and an availability-only impact.

Vendor
Linux
Product
Linux kernel (per the NVD CPE criteria)
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-20
Advisory published
2026-05-08
Advisory updated
2026-05-20

Who should care

Linux kernel maintainers, distribution security teams, and operators of systems running affected kernel builds should care, especially where local users may access debugfs-backed xhci diagnostics.

Technical summary

The bug is in the xhci debugfs handling for the portli files. xhci->max_ports can be larger than the number of ports described by the controller's Supported Protocol capabilities, and ports of different speeds can leave gaps in the port array; a port that no capability covers has port->rhub left NULL. The portli read path reached the controller through port->rhub without checking it, so reading the debugfs file for such a port dereferences a NULL pointer and oopses the kernel. The fix adds an explicit NULL check and prints the portli value in hex without dereferencing port->rhub.
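The gap mechanism and the shape of the fix, as an added example that is not the kernel's code: it builds a port array the way a protocol-capability walk would (ports outside every capability range keep a NULL rhub), then places the unchecked portli read beside the checked one. The struct layouts, the hub label field, the sample capability ranges and the PORTLI values are constructed for this example and do not come from the advisory or the driver.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of the xHCI port array and of the portli debugfs read.
 * Field names loosely follow drivers/usb/host/xhci.h (max_ports, rhub, portli);
 * the struct layouts, helpers and sample values are this example's own.
 */
#define MAX_MODEL_PORTS 16

struct xhci_hub {
    const char *name;        /* roothub label, e.g. "usb2"/"usb3" (example's own field) */
};

struct xhci_port {
    uint32_t portli;         /* sampled PORTLI register value (constructed) */
    struct xhci_hub *rhub;   /* NULL when no Supported Protocol capability claims the port */
};

/* One Supported Protocol capability: 1-based first port and number of ports it covers. */
struct proto_cap {
    unsigned int port_offset;
    unsigned int port_count;
    struct xhci_hub *rhub;
};

struct xhci_model {
    unsigned int max_ports;  /* what the driver reads as the controller's MaxPorts */
    struct xhci_port ports[MAX_MODEL_PORTS];
};

static struct xhci_hub usb2_hub = { "usb2" };
static struct xhci_hub usb3_hub = { "usb3" };

/* Give a roothub only to ports that some capability range covers; the rest keep rhub == NULL. */
static void setup_port_arrays(struct xhci_model *xhci, const struct proto_cap *caps, size_t ncaps)
{
    for (unsigned int i = 0; i < xhci->max_ports && i < MAX_MODEL_PORTS; i++) {
        xhci->ports[i].rhub = NULL;
        xhci->ports[i].portli = 0x100u * (i + 1);  /* arbitrary constructed register contents */
    }
    for (size_t c = 0; c < ncaps; c++) {
        for (unsigned int p = 0; p < caps[c].port_count; p++) {
            unsigned int idx = caps[c].port_offset - 1 + p;
            if (idx < xhci->max_ports && idx < MAX_MODEL_PORTS)
                xhci->ports[idx].rhub = caps[c].rhub;
        }
    }
}

/* Sample layout: MaxPorts says 8, but the capabilities cover only ports 1-4 (USB2) and 6-7 (USB3),
 * leaving port 5 as a gap between speeds and port 8 beyond everything the capabilities describe. */
static void build_sample(struct xhci_model *xhci)
{
    static const struct proto_cap caps[] = {
        { .port_offset = 1, .port_count = 4, .rhub = &usb2_hub },
        { .port_offset = 6, .port_count = 2, .rhub = &usb3_hub },
    };
    xhci->max_ports = 8;
    setup_port_arrays(xhci, caps, sizeof caps / sizeof caps[0]);
}

/* Ports the unchecked read would crash on. */
static unsigned int count_orphan_ports(const struct xhci_model *xhci)
{
    unsigned int n = 0;
    for (unsigned int i = 0; i < xhci->max_ports; i++)
        if (!xhci->ports[i].rhub)
            n++;
    return n;
}

/* Vulnerable shape: trusts port->rhub. Returns -1 where the kernel would oops, so the example stays runnable. */
static int portli_show_unchecked(const struct xhci_port *port, char *buf, size_t len)
{
    if (!port->rhub)
        return -1;  /* stand-in for the NULL dereference in the real read path */
    return snprintf(buf, len, "%s portli=%08x\n", port->rhub->name, (unsigned int)port->portli);
}

/* Fixed shape: check the roothub and fall back to a bare hex dump of the register. */
static int portli_show_checked(const struct xhci_port *port, char *buf, size_t len)
{
    if (!port->rhub)
        return snprintf(buf, len, "%08x\n", (unsigned int)port->portli);
    return snprintf(buf, len, "%s portli=%08x\n", port->rhub->name, (unsigned int)port->portli);
}

int main(void)
{
    struct xhci_model xhci;
    char line[64];

    build_sample(&xhci);
    printf("%u of %u ports have no roothub\n", count_orphan_ports(&xhci), xhci.max_ports);
    for (unsigned int i = 0; i < xhci.max_ports; i++) {
        portli_show_checked(&xhci.ports[i], line, sizeof line);
        printf("port %u: %s", i + 1, line);
    }
    return 0;
}
```

Running it lists ports 5 and 8 with a bare hex value and the others with their roothub label; on the sample layout the unchecked variant would have faulted on exactly those two ports.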

Defensive priority

Medium

Recommended defensive actions

  • Apply the Linux kernel fix referenced by the official kernel.org patch links in the NVD record.
  • Update affected kernels identified by NVD: Linux kernel 6.19 through before 6.19.9, and 7.0-rc1 through 7.0-rc4.
  • Check how debugfs is mounted on production systems: the kernel's default mount mode for /sys/kernel/debug is 0700, so only root can read the xhci diagnostics; confirm that no mount option or permission change has widened that, and leave debugfs unmounted where it is not needed.
  • Prioritize validation on systems using xHCI hardware and kernels that include the newly added portli debugfs path.
  • Watch kernel logs for NULL pointer dereference oopses raised while a file under the xhci debugfs directory is being read; on an unpatched kernel that is the symptom of this bug.

Evidence notes

Source description states the bug is a NULL pointer dereference in the recently added xhci portli debugfs files. The record says the problem occurs when xhci->max_ports exceeds ports reported by Supported Protocol capabilities or when there are gaps between ports of different speeds, leaving port->rhub NULL. NVD classifies the weakness as CWE-476 and gives CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. NVD vulnerability status is Analyzed, and the vulnerable CPE criteria cover Linux kernel 6.19 up to but not including 6.19.9, plus 7.0-rc1 through 7.0-rc4.

Official resources

Public disclosure date is 2026-05-08, matching the CVE/NVD publication timestamp. The record was last modified on 2026-05-20; that later timestamp should be treated as an update, not the original disclosure date.