CVE-2026-43364

Source
https://cve.org/CVERecord?id=CVE-2026-43364
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43364.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43364
Downstream
Published
2026-05-08T14:21:17.654Z
Modified
2026-07-08T08:13:29.540134259Z
Summary
ublk: fix NULL pointer dereference in ublk_ctrl_set_size()
Details

In the Linux kernel, the following vulnerability has been resolved:

ublk: fix NULL pointer dereference in ublkctrlset_size()

ublkctrlsetsize() unconditionally dereferences ub->ubdisk via setcapacityand_notify() without checking if it is NULL.

ub->ubdisk is NULL before UBLKCMDSTARTDEV completes (it is only assigned in ublkctrlstartdev()) and after UBLKCMDSTOPDEV runs (ublkdetachdisk() sets it to NULL). Since the UBLKCMDUPDATESIZE handler performs no state validation, a user can trigger a NULL pointer dereference by sending UPDATESIZE to a device that has been added but not yet started, or one that has been stopped.

Fix this by checking ub->ub_disk under ub->mutex before dereferencing it, and returning -ENODEV if the disk is not available.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43364.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
98b995660bff011d8e00af03abd74ac7d1ac1390
Fixed
f13fe6794726755a43090cb680c4c58cea6aa5f1
Fixed
c28d945bfa92e15147e93b73f95345b9bec979b0
Fixed
25966fc097691e5c925ad080f64a2f19c5fd940a

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43364.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.18.20
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43364.json"