2468268 – (CVE-2026-43473) CVE-2026-43473 kernel: scsi: mpi3mr: Add NULL checks when resetting request and reply queues

Bug 2468268 (CVE-2026-43473) - CVE-2026-43473 kernel: scsi: mpi3mr: Add NULL checks when resetting request and reply queues

Summary: CVE-2026-43473 kernel: scsi: mpi3mr: Add NULL checks when resetting request a...

Keywords:
Status:	NEW
Alias:	CVE-2026-43473
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-05-08 15:07 UTC by OSIDB Bzimport
Modified:	2026-05-09 02:02 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-05-08 15:07:56 UTC

In the Linux kernel, the following vulnerability has been resolved:

scsi: mpi3mr: Add NULL checks when resetting request and reply queues

The driver encountered a crash during resource cleanup when the reply and
request queues were NULL due to freed memory.  This issue occurred when the
creation of reply or request queues failed, and the driver freed the memory
first, but attempted to mem set the content of the freed memory, leading to
a system crash.

Add NULL pointer checks for reply and request queues before accessing the
reply/request memory during cleanup

Comment 1 Keith Grant 2026-05-09 01:59:38 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050805-CVE-2026-43473-cae2@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.