Home

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() The kernel log indicates a crash in ufshcd_add_command_trace, due to a NULL pointer dereference when accessing hwq->id. This can happen if ufshcd_mcq_req_to_hwq() returns NULL. This patch adds a NULL check for hwq before accessing its id field to prevent a kernel crash. Kernel log excerpt: [<ffffffd5d192dc4c>] notify_die+0x4c/0x8c [<ffffffd5d1814e58>] __die+0x60/0xb0 [<ffffffd5d1814d64>] die+0x4c/0xe0 [<ffffffd5d181575c>] die_kernel_fault+0x74/0x88 [<ffffffd5d1864db4>] __do_kernel_fault+0x314/0x318 [<ffffffd5d2a3cdf8>] do_page_fault+0xa4/0x5f8 [<ffffffd5d2a3cd34>] do_translation_fault+0x34/0x54 [<ffffffd5d1864524>] do_mem_abort+0x50/0xa8 [<ffffffd5d2a297dc>] el1_abort+0x3c/0x64 [<ffffffd5d2a29718>] el1h_64_sync_handler+0x44/0xcc [<ffffffd5d181133c>] el1h_64_sync+0x80/0x88 [<ffffffd5d255c1dc>] ufshcd_add_command_trace+0x23c/0x320 [<ffffffd5d255bad8>] ufshcd_compl_one_cqe+0xa4/0x404 [<ffffffd5d2572968>] ufshcd_mcq_poll_cqe_lock+0xac/0x104 [<ffffffd5d11c7460>] ufs_mtk_mcq_intr+0x54/0x74 [ufs_mediatek_mod] [<ffffffd5d19ab92c>] __handle_irq_event_percpu+0xc8/0x348 [<ffffffd5d19abca8>] handle_irq_event+0x3c/0xa8 [<ffffffd5d19b1f0c>] handle_fasteoi_irq+0xf8/0x294 [<ffffffd5d19aa778>] generic_handle_domain_irq+0x54/0x80 [<ffffffd5d18102bc>] gic_handle_irq+0x1d4/0x330 [<ffffffd5d1838210>] call_on_irq_stack+0x44/0x68 [<ffffffd5d183af30>] do_interrupt_handler+0x78/0xd8 [<ffffffd5d2a29c00>] el1_interrupt+0x48/0xa8 [<ffffffd5d2a29ba8>] el1h_64_irq_handler+0x14/0x24 [<ffffffd5d18113c4>] el1h_64_irq+0x80/0x88 [<ffffffd5d2527fb4>] arch_local_irq_enable+0x4/0x1c [<ffffffd5d25282e4>] cpuidle_enter+0x34/0x54 [<ffffffd5d195a678>] do_idle+0x1dc/0x2f8 [<ffffffd5d195a7c4>] cpu_startup_entry+0x30/0x3c [<ffffffd5d18155c4>] secondary_start_kernel+0x134/0x1ac [<ffffffd5d18640bc>] __secondary_switched+0xc4/0xcc

PUBLISHED Reserved 2026-05-01 | Published 2026-05-08 | Updated 2026-05-23 | Assigner Linux

Product status

Default status
unaffected

bed0896008334eeee4b4bfd7150491ca098cbf72 (git) before 0614f5618c24fbc3d555efade22887b102ad7ad6
affected

9307a998cb9846a2557fdca286997430bee36a2a (git) before be730f9ee92ae08f2bc4b336967bcfd8183c06fe
affected

9307a998cb9846a2557fdca286997430bee36a2a (git) before f4f590c6c9df7453bbda2ef9170b1b09e42a124c
affected

9307a998cb9846a2557fdca286997430bee36a2a (git) before 93b9e7ee9e93629db80bbc9dab8a874215b89ccf
affected

9307a998cb9846a2557fdca286997430bee36a2a (git) before 30df81f2228d65bddf492db3929d9fcaffd38fc5
affected

11d81233f4ebe6907b12c79ad7d8787aa4db0633 (git)
affected

6.6.41 (semver) before 6.6.130
affected

6.9.10 (semver) before 6.10
affected

Default status
affected

6.10
affected

Any version before 6.10
unaffected

6.6.130 (semver)
unaffected

6.12.78 (semver)
unaffected

6.18.19 (semver)
unaffected

6.19.9 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/0614f5618c24fbc3d555efade22887b102ad7ad6

git.kernel.org/...c/be730f9ee92ae08f2bc4b336967bcfd8183c06fe

git.kernel.org/...c/f4f590c6c9df7453bbda2ef9170b1b09e42a124c

git.kernel.org/...c/93b9e7ee9e93629db80bbc9dab8a874215b89ccf

git.kernel.org/...c/30df81f2228d65bddf492db3929d9fcaffd38fc5

cve.org (CVE-2026-43471)

nvd.nist.gov (CVE-2026-43471)

Download JSON