In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix possible NULL pointer dereference in ufshcdaddcommand_trace()
The kernel log indicates a crash in ufshcdaddcommandtrace, due to a NULL pointer dereference when accessing hwq->id. This can happen if ufshcdmcqreqto_hwq() returns NULL.
This patch adds a NULL check for hwq before accessing its id field to prevent a kernel crash.
Kernel log excerpt: [<ffffffd5d192dc4c>] notify_die+0x4c/0x8c [<ffffffd5d1814e58>] __die+0x60/0xb0 [<ffffffd5d1814d64>] die+0x4c/0xe0 [<ffffffd5d181575c>] diekernelfault+0x74/0x88 [<ffffffd5d1864db4>] __dokernelfault+0x314/0x318 [<ffffffd5d2a3cdf8>] dopagefault+0xa4/0x5f8 [<ffffffd5d2a3cd34>] do_translationfault+0x34/0x54 [<ffffffd5d1864524>] domemabort+0x50/0xa8 [<ffffffd5d2a297dc>] el1abort+0x3c/0x64 [<ffffffd5d2a29718>] el1h64synchandler+0x44/0xcc [<ffffffd5d181133c>] el1h64sync+0x80/0x88 [<ffffffd5d255c1dc>] ufshcdaddcommandtrace+0x23c/0x320 [<ffffffd5d255bad8>] ufshcdcomplonecqe+0xa4/0x404 [<ffffffd5d2572968>] ufshcdmcqpollcqelock+0xac/0x104 [<ffffffd5d11c7460>] ufsmtkmcqintr+0x54/0x74 [ufsmediatekmod] [<ffffffd5d19ab92c>] __handleirqeventpercpu+0xc8/0x348 [<ffffffd5d19abca8>] handleirqevent+0x3c/0xa8 [<ffffffd5d19b1f0c>] handlefasteoiirq+0xf8/0x294 [<ffffffd5d19aa778>] generichandledomainirq+0x54/0x80 [<ffffffd5d18102bc>] gichandleirq+0x1d4/0x330 [<ffffffd5d1838210>] callonirqstack+0x44/0x68 [<ffffffd5d183af30>] dointerrupthandler+0x78/0xd8 [<ffffffd5d2a29c00>] el1interrupt+0x48/0xa8 [<ffffffd5d2a29ba8>] el1h64irqhandler+0x14/0x24 [<ffffffd5d18113c4>] el1h64irq+0x80/0x88 [<ffffffd5d2527fb4>] archlocalirqenable+0x4/0x1c [<ffffffd5d25282e4>] cpuidleenter+0x34/0x54 [<ffffffd5d195a678>] doidle+0x1dc/0x2f8 [<ffffffd5d195a7c4>] cpustartupentry+0x30/0x3c [<ffffffd5d18155c4>] secondarystartkernel+0x134/0x1ac [<ffffffd5d18640bc>] _secondaryswitched+0xc4/0xcc
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43471.json",
"cna_assigner": "Linux"
}