CVE-2026-43013

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the net/mlx5 component where the function mlx5 lag dev add mdev() may return success even if a gracefully handled error occurs. This allows the initialization process to call mlx5 ldev add debugfs() without a valid LAG context. Because mlx5 ldev add debugfs() creates the debugfs directory and attributes without verification, it exposes interfaces, such as the members file, that depend on a valid ldev pointer. This can lead to NULL pointer dereferences—a condition where the software attempts to read from a memory address that is null—if these interfaces are accessed while ldev is NULL.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.