PatchSiren cyber security CVE debrief

CVE-2026-43471 Linux CVE debrief

CVE-2026-43471 is a Linux kernel availability issue in the UFS core path. NVD describes a possible NULL pointer dereference in ufshcd_add_command_trace() when hwq is NULL, which can crash the kernel. The published fix adds a NULL check before accessing hwq->id.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-20
Advisory published: 2026-05-08
Advisory updated: 2026-05-20

Who should care

Linux kernel maintainers, distribution security teams, and operators of systems running affected Linux kernel versions, especially environments using the UFS MCQ completion path.

Technical summary

The issue is in the scsi: ufs: core subsystem. According to the advisory text, ufshcd_add_command_trace() can access hwq->id even when ufshcd_mcq_req_to_hwq() returns NULL. That is a kernel NULL pointer dereference, evidenced by the crash trace supplied with the advisory, which shows the fault in ufshcd_add_command_trace() during UFS MCQ interrupt/completion handling. The fix is a defensive NULL check before dereferencing hwq, which prevents the crash. NVD classifies the weakness as CWE-476 and rates the impact as availability-only (CVSS 5.5, AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Defensive priority

Medium. This is a kernel-level crash condition with high availability impact, but the CVSS vector indicates local access and no confidentiality or integrity impact.

Recommended defensive actions

  • Upgrade to a Linux kernel release that includes the upstream/stable fix referenced by the official patch links.
  • Check whether deployed kernels fall within the vulnerable version ranges published by NVD: 6.6.41 through before 6.6.130, 6.9.10 through before 6.10, 6.10.1 through before 6.12.78, 6.13 through before 6.18.19, 6.19 and 6
  • Validate vendor backport status for your kernel build, since distro kernels may carry the fix without matching upstream version numbers exactly.
  • Prioritize systems that use the UFS MCQ path and review kernel crash logs for faults involving ufshcd_add_command_trace() or ufshcd_compl_one_cqe().
  • Confirm that patch management and fleet baselines reflect the CVE published date of 2026-05-08 and the updated NVD record on 2026-05-20.
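As an added helper that is not part of the PatchSiren debrief: the version check from the second action above, implemented in Python over the complete NVD ranges quoted in this debrief (the truncated final "6.19 and ..." entry is left out). A match means only that the upstream version number lies in a published range; it says nothing about whether a distro kernel already carries the backported fix.

```python
import platform
import re

# Vulnerable ranges published by NVD for CVE-2026-43471, as quoted in this
# debrief: (inclusive start, exclusive end). The debrief's final range is
# truncated ("6.19 and 6"), so it is deliberately not modelled here.
VULNERABLE_RANGES = [
    ("6.6.41", "6.6.130"),
    ("6.9.10", "6.10"),
    ("6.10.1", "6.12.78"),
    ("6.13", "6.18.19"),
]


def parse_version(release):
    """Turn a kernel release string such as '6.6.50-generic' or '6.10' into a
    comparable (major, minor, patch) tuple. A missing patch level is 0 and any
    distro suffix after the numeric part is ignored."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_in_vulnerable_range(release):
    """Return the (start, end) range that contains `release`, or None.
    Tuples are compared numerically, which avoids the string-comparison
    pitfall where '6.6.41' sorts after '6.6.130'."""
    v = parse_version(release)
    for start, end in VULNERABLE_RANGES:
        if parse_version(start) <= v < parse_version(end):
            return (start, end)
    return None


if __name__ == "__main__":
    # Check the kernel this script is running on (equivalent to `uname -r`).
    running = platform.release()
    hit = is_in_vulnerable_range(running)
    if hit:
        print(f"{running}: inside published range {hit[0]} <= v < {hit[1]}; "
              "verify backport status with your distro")
    else:
        print(f"{running}: not inside any complete range quoted here")
```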

Evidence notes

The CVE description states the crash occurs in ufshcd_add_command_trace() because hwq can be NULL when ufshcd_mcq_req_to_hwq() returns NULL. The supplied kernel log excerpt shows the fault occurring in ufshcd_add_command_trace() during UFS MCQ completion handling. NVD lists CWE-476 and the CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, supporting an availability-focused local kernel crash. The official NVD record also supplies the vulnerable Linux kernel version ranges and references to patch commits.

Official resources

Publicly disclosed in NVD on 2026-05-08T15:17:00.193Z and updated on 2026-05-20T18:25:59.750Z. No KEV listing is present in the supplied data.