CVE-2026-43413

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer exception occurs in the hisi sas driver during the execution of the user scan() function. The user scan() function calls sas user scan() for channel 0 and then attempts to iteratively scan remaining channels up to shost->max channel using scsi scan host selected(). Because hisi sas only supports one channel and max channel is set to 1, the attempt to scan channel 1 triggers a NULL pointer dereference within the sas find dev by rphy() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.