CVE-2026-43259
Description
In the Linux kernel, the following vulnerability has been resolved:
phy: fsl-imx8mq-usb: set platform driver data
Add missing platform_set_drvdata() as the data will be used in remove().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing platform_set_drvdata() in the Freescale i.MX8MQ USB PHY driver causes a NULL pointer dereference during device removal.
A missing platform_set_drvdata() call in the fsl-imx8mq-usb PHY driver can lead to a NULL pointer dereference when the device is removed. The bug occurs because the driver's remove() function attempts to access driver data that was never stored, causing a kernel crash [1].
An attacker with local access and the ability to trigger device removal (e.g., via hotplug or driver unbind) can exploit this vulnerability to cause a denial of service (DoS) on the system [2]. No authentication is required beyond local user privileges.
The impact is a system crash, leading to a temporary denial of service. There is no evidence of privilege escalation or data corruption from this vulnerability.
The fix addresses the missing platform_set_drvdata() call. Patched versions are available in the stable kernel tree. Users should apply the latest kernel updates to mitigate this issue [3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.