CVE-2026-43463
Description
In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error pointers in addition to NULL, so just checking for NULL is not sufficient. Fix this by: (1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL on allocation failure. (2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the error code returned.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 0 |
| debian | bullseye | fixed | 0 |
| debian | forky | fixed | 6.19.10-1 |
| debian | sid | fixed | 6.19.10-1 |
| debian | trixie | affected | |
| linux-kernel | affected | 6.8 | |
| linux-kernel | 7.0 | affected | |
References
- https://git.kernel.org/stable/c/4245a79003adf30e67f8e9060915bd05cb31d142
- https://git.kernel.org/stable/c/54331c5dcc6d97683d7ca2788e7ef9c9505e1477
- https://git.kernel.org/stable/c/d55fa7cd4b19ba91b34b307d769c149e56ad0a75
- https://www.suse.com/security/cve/CVE-2026-43463.html
- https://security-tracker.debian.org/tracker/CVE-2026-43463
CWEs
CWE-476
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.