Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted in xhci->max_ports than ports reported by Supported Protocol capabilities. This is possible if max_ports is more than maximum port number, or if there are gaps between ports of different speeds the 'Supported Protocol' capabilities. In such cases port->rhub will be NULL so we can't reach xhci behind it. Add an explicit NULL check for this case, and print portli in hex without dereferencing port->rhub.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 6.19, < 6.19.9 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/9c8bef223c6e991276188d30d74bdb2cbd8be652Patch
- https://git.kernel.org/stable/c/ae4ff9dead5efa2025eddfcdb29411432bf40a7cPatch
FAQ
What is CVE-2026-43431?
CVE-2026-43431 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in...
How severe is CVE-2026-43431?
CVE-2026-43431 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-43431?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.