CVE-2026-43473

NameCVE-2026-43473
DescriptionIn the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to freed memory. This issue occurred when the creation of reply or request queues failed, and the driver freed the memory first, but attempted to mem set the content of the freed memory, leading to a system crash. Add NULL pointer checks for reply and request queues before accessing the reply/request memory during cleanup
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)bullseye5.10.223-1fixed
bullseye (security)5.10.257-1fixed
bookworm6.1.170-3fixed
bookworm (security)6.1.174-1fixed
trixie6.12.86-1fixed
trixie (security)6.12.90-2fixed
forky7.0.9-1fixed
sid7.0.10-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsourcebullseye(not affected)
linuxsourcebookworm6.1.170-1
linuxsourcetrixie6.12.85-1
linuxsource(unstable)6.19.10-1

Notes

[bullseye] - linux <not-affected> (Vulnerable code not present)
https://git.kernel.org/linus/fa96392ebebc8fade2b878acb14cce0f71016503 (7.0-rc2)
Search for package or bug name: Reporting problems