Description
In the Linux kernel, the following vulnerability has been resolved:

rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()

rxrpc_kernel_lookup_peer() can also return error pointers in addition to
NULL, so just checking for NULL is not sufficient.

Fix this by:

(1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL
on allocation failure.

(2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the
error code returned.
Published: 2026-05-08
Score: 7.0 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

rxrpc_kernel_lookup_peer() can return an error pointer (an ERR_PTR()-encoded negative errno) as well as NULL, but the afs callers checked only for NULL. An error pointer therefore passed the check and was handed on as though it were a valid peer object; dereferencing it faults inside the kernel, which is a local denial of service. The weaknesses recorded for the entry, CWE-252 (unchecked return value) and CWE-476 (NULL pointer dereference), describe the two halves of the bug: the return value is not fully validated, and an invalid pointer is then dereferenced.
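The check the fix adds, shown as an added userspace example that is not kernel code and not part of the original page: ERR_PTR()/IS_ERR()/PTR_ERR() are re-implemented with the kernel's encoding (the top MAX_ERRNO addresses carry -errno values), rxrpc_lookup_peer_model() is a hypothetical stand-in for rxrpc_kernel_lookup_peer() whose outcomes are constructed, and the two guard functions model the afs caller before and after the fix.

```c
/* Added example, not kernel code: a userspace model of the kernel's
 * ERR_PTR()/IS_ERR()/PTR_ERR() convention and of the afs-side check the
 * fix adds. rxrpc_lookup_peer_model() is a hypothetical stand-in for
 * rxrpc_kernel_lookup_peer(); the lookup outcomes are constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Kernel convention: the top MAX_ERRNO addresses encode -errno values. */
#define MAX_ERRNO 4095
static inline void *ERR_PTR(long error) { return (void *)(intptr_t)error; }
static inline long PTR_ERR(const void *ptr) { return (long)(intptr_t)ptr; }
static inline int IS_ERR(const void *ptr)
{
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

struct peer { char name[16]; };

enum lookup_mode { LOOKUP_OK, LOOKUP_NOMEM, LOOKUP_BADADDR };

/* Hypothetical model of rxrpc_kernel_lookup_peer(). Before the fix an
 * allocation failure returned NULL while other failures already returned
 * error pointers; after the fix (fixed != 0) every failure is an ERR_PTR. */
static struct peer *rxrpc_lookup_peer_model(enum lookup_mode mode, int fixed)
{
    struct peer *p;

    switch (mode) {
    case LOOKUP_NOMEM:
        return fixed ? ERR_PTR(-ENOMEM) : NULL;
    case LOOKUP_BADADDR:
        return ERR_PTR(-EINVAL);   /* constructed: an address the lookup rejects */
    default:
        p = calloc(1, sizeof(*p));
        if (!p)
            return ERR_PTR(-ENOMEM);
        strcpy(p->name, "peer0");
        return p;
    }
}

/* Guard as the afs callers had it before the fix: only NULL is rejected.
 * Returns 1 if the caller would go on to dereference p. */
static int prefix_guard_passes(const void *p)
{
    return p != NULL;
}

/* Guard as after the fix: returns 0 if p is a real object, otherwise the
 * negative errno carried in the pointer, ready to be passed on. */
static int postfix_guard_error(const void *p)
{
    return IS_ERR(p) ? (int)PTR_ERR(p) : 0;
}

/* Pre-fix caller: reports whether it would dereference an error pointer
 * (the crash the advisory describes). It never actually dereferences. */
static int afs_prefix_would_fault(enum lookup_mode mode)
{
    struct peer *p = rxrpc_lookup_peer_model(mode, 0);
    int fault = prefix_guard_passes(p) && IS_ERR(p);

    if (p && !IS_ERR(p))
        free(p);
    return fault;
}

/* Post-fix caller: the IS_ERR()/PTR_ERR() path, returning 0 or -errno. */
static int afs_postfix_use_peer(enum lookup_mode mode)
{
    struct peer *p = rxrpc_lookup_peer_model(mode, 1);
    int err = postfix_guard_error(p);

    if (err)
        return err;
    printf("using peer %s\n", p->name);
    free(p);
    return 0;
}

int main(void)
{
    printf("pre-fix, rejected address: would fault = %d\n",
           afs_prefix_would_fault(LOOKUP_BADADDR));
    printf("post-fix, rejected address: err = %d\n",
           afs_postfix_use_peer(LOOKUP_BADADDR));
    printf("post-fix, allocation failure: err = %d\n",
           afs_postfix_use_peer(LOOKUP_NOMEM));
    return afs_postfix_use_peer(LOOKUP_OK);
}
```

Note that IS_ERR() alone still lets NULL through, which is why the fix also changes the callee to return ERR_PTR(-ENOMEM) rather than NULL: once a function never returns NULL, a single IS_ERR() check covers every failure and PTR_ERR() gives the caller the code to propagate. For kernel APIs that legitimately return either, the kernel provides IS_ERR_OR_NULL() instead.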

Affected Systems

All Linux kernel releases that include the rxrpc and afs components and that were built before the commit that fixes the error‑pointer handling are affected. This includes any distribution's kernel that has not yet been updated to incorporate the patch referenced in the advisory.

Risk and Exploitability

The EPSS score of <1% indicates a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The recorded CVSS v3.1 vector (AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) assumes a local attacker with low privileges and high attack complexity, so the code path must be reached from the local system, for example by triggering afs peer lookups; network traffic alone is not the rated vector. That vector scores 7.0, which is High, not Medium. The failure mode the fix describes is a kernel crash, i.e. loss of availability, although the vector as recorded also rates confidentiality and integrity impact as High.

Generated by OpenCVE AI on May 9, 2026 at 16:22 UTC.

Remediation

No distribution fix or workaround is listed here. The upstream kernel commit quoted in the description resolves the issue; distribution kernels need the corresponding backport.

OpenCVE Recommended Actions

  • Install the latest Linux kernel release, or a distribution kernel that carries the rxrpc/afs error‑pointer fix quoted in the description.
  • If a kernel upgrade cannot be performed immediately, prevent the vulnerable code path from being exercised: check with lsmod whether the afs and rxrpc modules are loaded, and blacklist them under /etc/modprobe.d on systems that do not use AFS. Restricting rxrpc network traffic is a secondary measure, since the recorded vector is local.
  • Enable kernel crash capture (kdump or pstore where available) and alert on unexpected panics or oopses that mention afs or rxrpc, so a crash caused by this flaw is detected rather than silently rebooted.
  • Until the patched kernel is deployed, limit which local users can mount or access AFS volumes, since the recorded vector assumes a local, low‑privileged attacker.

Generated by OpenCVE AI on May 9, 2026 at 16:22 UTC.


Advisories

No advisories yet.

History

Sat, 09 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Sat, 09 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-252
References
Metrics
  Values Removed: threat_severity: None
  Values Added: cvssV3_1: {'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}
                threat_severity: Moderate


Fri, 08 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: (1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL on allocation failure. (2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the error code returned.
Title rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()
First Time appeared: Linux, Linux linux Kernel
CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products: Linux, Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T14:22:25.346Z

Reserved: 2026-05-01T14:12:56.010Z

Link: CVE-2026-43463

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:59.183

Modified: 2026-05-08T15:16:59.183

Link: CVE-2026-43463

Redhat

Severity : Moderate

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43463 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T16:30:37Z

Weaknesses