Description
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: lag: Check for LAG device before creating debugfs

__mlx5_lag_dev_add_mdev() may return 0 (success) even when an error
occurs that is handled gracefully. Consequently, the initialization
flow proceeds to call mlx5_ldev_add_debugfs() even when there is no
valid LAG context.

mlx5_ldev_add_debugfs() blindly created the debugfs directory and
attributes. This exposed interfaces (like the members file) that rely on
a valid ldev pointer, leading to potential NULL pointer dereferences if
accessed when ldev is NULL.

Add a check to verify that mlx5_lag_dev(dev) returns a valid pointer
before attempting to create the debugfs entries.
Published: 2026-05-01
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the Mellanox mlx5 driver for Link Aggregation Group (LAG) devices can create a debugfs interface even when the LAG context is missing. When the initialization function _mlx5_lag_dev_add_mdev() mistakenly reports success after an internal error, the subsequent mlx5_ldev_add_debugfs() call creates a debugfs directory and attributes that expect a valid device pointer. A null pointer dereference may occur if an attacker accesses these malformed files, leading to a kernel crash and denial of service. This flaw is a direct result of a null‑pointer dereference (CWE‑476) and unchecked return value handling (CWE‑824).

Affected Systems

This behavior exists in all Linux kernel releases that include the mlx5 LAG driver prior to the patch, covering the current 6.x and 7.x series as well as the 7.0 release candidates 1 through 6. The affected product is the Linux kernel and any derivative builds that ship the net/mlx5 module without the fix.

Risk and Exploitability

The CVSS base score of 5.5 indicates moderate severity. The EPSS score is below 1 %, and the vulnerability is not listed in CISA’s KEV catalog, implying limited exploitation activity. Based on the description, it is inferred that an unprivileged local user could read or write the exposed debugfs entries, providing a local attack vector. A kernel crash could be triggered by accessing the malformed debugfs entries, but it does not provide a clear path to privilege escalation or remote code execution.

Generated by OpenCVE AI on May 7, 2026 at 23:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel update that includes the null‑check before creating debugfs entries.
  • If a kernel upgrade is not feasible immediately, restrict or remove read/write access to the mlx5 debugfs directory from unprivileged users to prevent exploitation.
  • Consider enabling kernel hardening features such as CONFIG_DEBUG_KERNEL or other mitigations that log or block kernel panics caused by user‑space processes, reducing the damage window.

Generated by OpenCVE AI on May 7, 2026 at 23:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Thu, 07 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-824
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Fri, 01 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net/mlx5: lag: Check for LAG device before creating debugfs __mlx5_lag_dev_add_mdev() may return 0 (success) even when an error occurs that is handled gracefully. Consequently, the initialization flow proceeds to call mlx5_ldev_add_debugfs() even when there is no valid LAG context. mlx5_ldev_add_debugfs() blindly created the debugfs directory and attributes. This exposed interfaces (like the members file) that rely on a valid ldev pointer, leading to potential NULL pointer dereferences if accessed when ldev is NULL. Add a check to verify that mlx5_lag_dev(dev) returns a valid pointer before attempting to create the debugfs entries.
Title net/mlx5: lag: Check for LAG device before creating debugfs
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:16:00.983Z

Reserved: 2026-05-01T14:12:55.974Z

Link: CVE-2026-43013

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-01T15:16:45.243

Modified: 2026-05-07T20:28:55.537

Link: CVE-2026-43013

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-01T00:00:00Z

Links: CVE-2026-43013 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T23:45:40Z

Weaknesses