{"api_version":"1","generated_at":"2026-05-09T11:18:51+00:00","cve":"CVE-2026-43473","urls":{"html":"https://cve.report/CVE-2026-43473","api":"https://cve.report/api/cve/CVE-2026-43473.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-43473","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-43473"},"summary":{"title":"scsi: mpi3mr: Add NULL checks when resetting request and reply queues","description":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Add NULL checks when resetting request and reply queues\n\nThe driver encountered a crash during resource cleanup when the reply and\nrequest queues were NULL due to freed memory.  This issue occurred when the\ncreation of reply or request queues failed, and the driver freed the memory\nfirst, but attempted to mem set the content of the freed memory, leading to\na system crash.\n\nAdd NULL pointer checks for reply and request queues before accessing the\nreply/request memory during cleanup","state":"PUBLISHED","assigner":"Linux","published_at":"2026-05-08 15:17:00","updated_at":"2026-05-09 06:16:15"},"problem_types":[],"metrics":[],"references":[{"url":"https://git.kernel.org/stable/c/fa96392ebebc8fade2b878acb14cce0f71016503","name":"https://git.kernel.org/stable/c/fa96392ebebc8fade2b878acb14cce0f71016503","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7da755e0d02e9ca035065127e108d1fed8950dc8","name":"https://git.kernel.org/stable/c/7da755e0d02e9ca035065127e108d1fed8950dc8","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/78d3f201f8b609928eade53cf03a52df5415aaf7","name":"https://git.kernel.org/stable/c/78d3f201f8b609928eade53cf03a52df5415aaf7","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/7df0296ad4e9253d12c6dbe7f120044dddc95600","name":"https://git.kernel.org/stable/c/7df0296ad4e9253d12c6dbe7f120044dddc95600","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/220d7ca70611a73d50ef8e9edac630ed1ececb7c","name":"https://git.kernel.org/stable/c/220d7ca70611a73d50ef8e9edac630ed1ececb7c","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/e978a36f332ede78eb4de037b517db16265d420d","name":"https://git.kernel.org/stable/c/e978a36f332ede78eb4de037b517db16265d420d","refsource":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://git.kernel.org/stable/c/f8e833572a3e12a2a1ffe7b3646af024264d38ca","name":"https://git.kernel.org/stable/c/f8e833572a3e12a2a1ffe7b3646af024264d38ca","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-43473","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-43473","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe6db615156573d3f6a37564b8a590cb03bbaf25 7df0296ad4e9253d12c6dbe7f120044dddc95600 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe6db615156573d3f6a37564b8a590cb03bbaf25 7da755e0d02e9ca035065127e108d1fed8950dc8 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe6db615156573d3f6a37564b8a590cb03bbaf25 78d3f201f8b609928eade53cf03a52df5415aaf7 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe6db615156573d3f6a37564b8a590cb03bbaf25 e978a36f332ede78eb4de037b517db16265d420d git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe6db615156573d3f6a37564b8a590cb03bbaf25 220d7ca70611a73d50ef8e9edac630ed1ececb7c git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected fe6db615156573d3f6a37564b8a590cb03bbaf25 fa96392ebebc8fade2b878acb14cce0f71016503 git","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"affected 5.17","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 5.17 semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.1.167 6.1.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.6.130 6.6.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.12.78 6.12.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.18.19 6.18.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 6.19.9 6.19.* semver","platforms":[]},{"source":"CNA","vendor":"Linux","product":"Linux","version":"unaffected 7.0 * original_commit_for_fix","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Linux","programFiles":["drivers/scsi/mpi3mr/mpi3mr_fw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"lessThan":"7df0296ad4e9253d12c6dbe7f120044dddc95600","status":"affected","version":"fe6db615156573d3f6a37564b8a590cb03bbaf25","versionType":"git"},{"lessThan":"7da755e0d02e9ca035065127e108d1fed8950dc8","status":"affected","version":"fe6db615156573d3f6a37564b8a590cb03bbaf25","versionType":"git"},{"lessThan":"78d3f201f8b609928eade53cf03a52df5415aaf7","status":"affected","version":"fe6db615156573d3f6a37564b8a590cb03bbaf25","versionType":"git"},{"lessThan":"e978a36f332ede78eb4de037b517db16265d420d","status":"affected","version":"fe6db615156573d3f6a37564b8a590cb03bbaf25","versionType":"git"},{"lessThan":"220d7ca70611a73d50ef8e9edac630ed1ececb7c","status":"affected","version":"fe6db615156573d3f6a37564b8a590cb03bbaf25","versionType":"git"},{"lessThan":"fa96392ebebc8fade2b878acb14cce0f71016503","status":"affected","version":"fe6db615156573d3f6a37564b8a590cb03bbaf25","versionType":"git"}]},{"defaultStatus":"affected","product":"Linux","programFiles":["drivers/scsi/mpi3mr/mpi3mr_fw.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","vendor":"Linux","versions":[{"status":"affected","version":"5.17"},{"lessThan":"5.17","status":"unaffected","version":"0","versionType":"semver"},{"lessThanOrEqual":"6.1.*","status":"unaffected","version":"6.1.167","versionType":"semver"},{"lessThanOrEqual":"6.6.*","status":"unaffected","version":"6.6.130","versionType":"semver"},{"lessThanOrEqual":"6.12.*","status":"unaffected","version":"6.12.78","versionType":"semver"},{"lessThanOrEqual":"6.18.*","status":"unaffected","version":"6.18.19","versionType":"semver"},{"lessThanOrEqual":"6.19.*","status":"unaffected","version":"6.19.9","versionType":"semver"},{"lessThanOrEqual":"*","status":"unaffected","version":"7.0","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.1.167","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.6.130","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.12.78","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.18.19","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"6.19.9","versionStartIncluding":"5.17","vulnerable":true},{"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"7.0","versionStartIncluding":"5.17","vulnerable":true}],"negate":false,"operator":"OR"}]}],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Add NULL checks when resetting request and reply queues\n\nThe driver encountered a crash during resource cleanup when the reply and\nrequest queues were NULL due to freed memory.  This issue occurred when the\ncreation of reply or request queues failed, and the driver freed the memory\nfirst, but attempted to mem set the content of the freed memory, leading to\na system crash.\n\nAdd NULL pointer checks for reply and request queues before accessing the\nreply/request memory during cleanup"}],"providerMetadata":{"dateUpdated":"2026-05-09T04:11:06.114Z","orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux"},"references":[{"url":"https://git.kernel.org/stable/c/7df0296ad4e9253d12c6dbe7f120044dddc95600"},{"url":"https://git.kernel.org/stable/c/7da755e0d02e9ca035065127e108d1fed8950dc8"},{"url":"https://git.kernel.org/stable/c/78d3f201f8b609928eade53cf03a52df5415aaf7"},{"url":"https://git.kernel.org/stable/c/e978a36f332ede78eb4de037b517db16265d420d"},{"url":"https://git.kernel.org/stable/c/220d7ca70611a73d50ef8e9edac630ed1ececb7c"},{"url":"https://git.kernel.org/stable/c/fa96392ebebc8fade2b878acb14cce0f71016503"}],"title":"scsi: mpi3mr: Add NULL checks when resetting request and reply queues","x_generator":{"engine":"bippy-1.2.0"}}},"cveMetadata":{"assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","assignerShortName":"Linux","cveId":"CVE-2026-43473","datePublished":"2026-05-08T14:22:32.210Z","dateReserved":"2026-05-01T14:12:56.011Z","dateUpdated":"2026-05-09T04:11:06.114Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-08 15:17:00","lastModifiedDate":"2026-05-09 06:16:15","problem_types":[],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"43473","Ordinal":"1","Title":"scsi: mpi3mr: Add NULL checks when resetting request and reply q","CVE":"CVE-2026-43473","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"43473","Ordinal":"1","NoteData":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Add NULL checks when resetting request and reply queues\n\nThe driver encountered a crash during resource cleanup when the reply and\nrequest queues were NULL due to freed memory.  This issue occurred when the\ncreation of reply or request queues failed, and the driver freed the memory\nfirst, but attempted to mem set the content of the freed memory, leading to\na system crash.\n\nAdd NULL pointer checks for reply and request queues before accessing the\nreply/request memory during cleanup","Type":"Description","Title":"scsi: mpi3mr: Add NULL checks when resetting request and reply q"}]}}}