CVE-2026-43013

EUVD-2026-26612
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: lag: Check for LAG device before creating debugfs

__mlx5_lag_dev_add_mdev() may return 0 (success) even when an error
occurs that is handled gracefully. Consequently, the initialization
flow proceeds to call mlx5_ldev_add_debugfs() even when there is no
valid LAG context.

mlx5_ldev_add_debugfs() blindly created the debugfs directory and
attributes. This exposed interfaces (like the members file) that rely on
a valid ldev pointer, leading to potential NULL pointer dereferences if
accessed when ldev is NULL.

Add a check to verify that mlx5_lag_dev(dev) returns a valid pointer
before attempting to create the debugfs entries.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.251-3
fixed
forky
6.19.14-1
fixed
sid
7.0.3-1
fixed
trixie
vulnerable
trixie (security)
6.12.85-1
fixed
References
https://git.kernel.org/stable/c/7129632cab3e4d23510b21930aa73b8d97a859f5
https://git.kernel.org/stable/c/89c65f2fcd8801365b410f40a427cbcd7f4c28e9
https://git.kernel.org/stable/c/a3db46d5f4df92630a96f7bc77b60e75c2353e06
https://git.kernel.org/stable/c/bf16bca6653679d8a514d6c1c5a2c67065033f14
https://git.kernel.org/stable/c/c53cf44588a93000f71817a6bb87a66353c48dee
https://git.kernel.org/stable/c/cfa774e6c920c81e700327bf10db8cb50d5db456