VYPR
Medium severity5.5NVD Advisory· Published May 8, 2026· Updated May 20, 2026

CVE-2026-43431

CVE-2026-43431

Description

In the Linux kernel, the following vulnerability has been resolved:

xhci: Fix NULL pointer dereference when reading portli debugfs files

Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files

Oops is caused when there are more port registers counted in xhci->max_ports than ports reported by Supported Protocol capabilities. This is possible if max_ports is more than maximum port number, or if there are gaps between ports of different speeds the 'Supported Protocol' capabilities.

In such cases port->rhub will be NULL so we can't reach xhci behind it. Add an explicit NULL check for this case, and print portli in hex without dereferencing port->rhub.

Affected products

7
  • Linux/Kernel6 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=6.19,<6.19.9
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.