VYPR
Medium severity 5.5 · NVD Advisory · Published May 6, 2026 · Updated May 8, 2026

CVE-2026-43132

Description

In the Linux kernel, the following vulnerability has been resolved:

dm-verity: correctly handle dm_bufio_client_create() failure

If either of the calls to dm_bufio_client_create() in verity_fec_ctr() fails, then dm_bufio_client_destroy() is later called with an ERR_PTR() argument. That causes a crash. Fix this.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In dm-verity, failing dm_bufio_client_create() calls lead to a crash because dm_bufio_client_destroy() receives an ERR_PTR; the fix adds proper error handling.

CVE-2026-43132 is a denial-of-service vulnerability in the Linux kernel's dm-verity subsystem, specifically in the forward error correction (FEC) initialization function verity_fec_ctr(). The root cause is a missing error check: if either of the two calls to dm_bufio_client_create() fails, the code later calls dm_bufio_client_destroy() on the resulting ERR_PTR value, causing a kernel crash.

An attacker with local access could trigger this vulnerability by exhausting memory or other resources needed for the dm_bufio_client_create() allocation. No authentication is required beyond typical local user access, and the attack surface is limited to systems using dm-verity with FEC enabled.

The impact is a kernel crash (panic), leading to a denial of service. The CVSS score of 5.5 (Medium) reflects the requirement for local access and the availability impact.

The fix is included in the Linux kernel stable trees as commit [1] and ensures that dm_bufio_client_destroy() is only called on valid pointers. Users should apply the latest kernel updates to mitigate this vulnerability.

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
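
The failure mode described above can be reproduced safely in userspace. The following is an added example, not code from the kernel or from the upstream patch: it models a create call that returns an ERR_PTR on failure and a teardown that guards only with a NULL test, then shows that clearing the slot to NULL on failure keeps destroy away from the error pointer. The struct layout, the field names `bufio` and `data_bufio`, the NULL-only teardown guard and the helpers `client_create`, `client_destroy`, `make` and `simulate` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers (include/linux/err.h). */
#define MAX_ERRNO 4095
static void *ERR_PTR(long e) { return (void *)(intptr_t)e; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct client { int unused; };   /* hypothetical stand-in for struct dm_bufio_client */
struct fec { struct client *data_bufio, *bufio; };
static int bad_destroys;         /* destroy calls that would crash in the kernel */

/* Model of a create call: returns ERR_PTR(-ENOMEM), never NULL, on failure. */
static struct client *client_create(int fail)
{
    struct client *c = fail ? NULL : calloc(1, sizeof(*c));
    return c ? c : ERR_PTR(-ENOMEM);
}

/* Model of destroy: the real one dereferences its argument, so only count here. */
static void client_destroy(struct client *c)
{
    if (IS_ERR(c)) bad_destroys++; else free(c);
}

/* One create step; hardened != 0 clears the slot so teardown skips it. */
static int make(struct client **slot, int fail, int hardened)
{
    *slot = client_create(fail);
    if (!IS_ERR(*slot)) return 0;
    int err = (int)PTR_ERR(*slot);
    if (hardened) *slot = NULL;
    return err;
}

/* Constructor then teardown; fail_mask bit 0 fails bufio, bit 1 data_bufio.
 * Teardown guards with a NULL test only, which an ERR_PTR value passes. */
int simulate(int fail_mask, int hardened)
{
    struct fec f = {0};
    bad_destroys = 0;
    if (make(&f.bufio, fail_mask & 1, hardened) == 0)
        make(&f.data_bufio, fail_mask & 2, hardened);
    if (f.data_bufio) client_destroy(f.data_bufio);
    if (f.bufio) client_destroy(f.bufio);
    return bad_destroys;
}
```

`simulate(mask, 0)` reports one destroy call on an error pointer for either failing create, and `simulate(mask, 1)` reports none.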

Affected products

1
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=4.5,<5.10.252
