Description
In the Linux kernel, the following vulnerability has been resolved:

dm mpath: Add missing dm_put_device when failing to get scsi dh name

When commit fd81bc5cca8f ("scsi: device_handler: Return error pointer in
scsi_dh_attached_handler_name()") added code to fail parsing the path if
scsi_dh_attached_handler_name() failed with -ENOMEM, it didn't clean up
the reference to the path device that had just been taken. Fix this, and
streamline the error paths of parse_path() a little.
Published: 2026-05-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing reference release in the Linux kernel’s device mapper multipath (dm mpath) module caused a resource leak when the kernel failed to retrieve a SCSI device handler (scsi_dh) name with an out‑of‑memory error. The leak occurs because the module does not call dm_put_device() to drop the reference to the path device. Over time, repeated invocations can exhaust kernel memory or lead to system instability, potentially allowing an attacker to force a denial‑of‑service scenario.

Affected Systems

The vulnerability applies to Linux kernels that contain commit fd81bc5cca8f, which introduced the unbalanced error path, but do not yet contain the fix that adds the missing dm_put_device() call. Any distribution shipping such a kernel is impacted. No specific version range is provided in the CVE record.

Risk and Exploitability

The EPSS score is 0.00021, indicating a very low likelihood of exploitation, and the vulnerability is not listed in CISA KEV. The CVSS score of 5.5 indicates medium severity. Because the flaw requires the kernel to parse a device path and the leak is triggered only when scsi_dh_attached_handler_name() fails with -ENOMEM, the attack vector is likely local with elevated privileges. The risk to confidentiality or integrity is low; the primary risk is availability due to resource exhaustion.

Generated by OpenCVE AI on May 12, 2026 at 00:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix for this CVE, i.e. the dm mpath change that adds the missing dm_put_device() call on top of commit fd81bc5cca8f.
  • Restrict access to the device-mapper multipath interfaces to prevent untrusted users from triggering malformed path parsing.
  • Consider disabling multipath or enabling kernel hardening options such as CONFIG_HARDENED_USERCOPY to reduce the impact of memory leaks.


Advisories

No advisories yet.

History

Mon, 11 May 2026 23:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 06 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dm mpath: Add missing dm_put_device when failing to get scsi dh name When commit fd81bc5cca8f ("scsi: device_handler: Return error pointer in scsi_dh_attached_handler_name()") added code to fail parsing the path if scsi_dh_attached_handler_name() failed with -ENOMEM, it didn't clean up the reference to the path device that had just been taken. Fix this, and streamline the error paths of parse_path() a little.
Title dm mpath: Add missing dm_put_device when failing to get scsi dh name
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:19:37.538Z

Reserved: 2026-05-01T14:12:55.992Z

Link: CVE-2026-43192

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-05-06T12:16:38.083

Modified: 2026-05-11T20:36:39.877

Link: CVE-2026-43192

Redhat

Severity: Low

Public Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43192 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T00:30:04Z
