Vulnerabilities ›

CVE-2026-43132

Medium

                    Published: May 6, 2026                      ·  Modified: May 9, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

In the Linux kernel, the following vulnerability has been resolved:

dm-verity: correctly handle dm_bufio_client_create() failure

If either of the calls to dm_bufio_client_create() in verity_fec_ctr()
fails, then dm_bufio_client_destroy() is later called with an ERR_PTR()
argument. That causes a crash. Fix this.

🤖 AI Executive Summary

A vulnerability in Linux kernel's dm-verity module causes a crash when dm_bufio_client_create() fails, as the error pointer is incorrectly passed to dm_bufio_client_destroy(). The fix ensures proper error handling to prevent kernel crashes during device mapper verity initialization.

📄 Description (Arabic)

تحتوي وحدة dm-verity في نواة Linux على ثغرة في معالجة الأخطاء حيث يتم تمرير مؤشر خطأ (ERR_PTR) إلى دالة dm_bufio_client_destroy() عند فشل استدعاء dm_bufio_client_create(). هذا يسبب انهيار النواة (kernel crash) أثناء تهيئة جهاز mapper verity.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 25, 2026 14:31

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

telecom energy government healthcare

🎯 MITRE ATT&CK Techniques

T1499.004

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update the Linux kernel to the patched version that properly checks for error pointers before calling dm_bufio_client_destroy() in the verity_fec_ctr() function. Implement proper error handling to validate dm_bufio_client_create() return values.

🔧 خطوات المعالجة (العربية)

قم بتحديث نواة Linux إلى النسخة المصححة التي تتحقق بشكل صحيح من مؤشرات الخطأ قبل استدعاء dm_bufio_client_destroy() في دالة verity_fec_ctr(). تطبيق معالجة الأخطاء الصحيحة للتحقق من قيم إرجاع dm_bufio_client_create().

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.BE-5.1 PR.IP-1.1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 8

🔗

https://git.kernel.org/stable/c/031f2adc1499b112a39ac316bbab3c80bba16cf2

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/119f4f04186fa4f33ee6bd39af145cdaff1ff17f

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/451cc650e40e8c3222d37877a9e4be0fcaacb9c8

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/5c2217ddb3b7e7ac25f4ebe9061258fc8f1c9167

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/6283e49af87a9c121bb01e5a64a7fe5706c210bc

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/9b8dc1d327e2928f3da59ced0595d850d31c0936

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/b154a868a3856fb5216c4f82981d8a503832e095

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

🔗

https://git.kernel.org/stable/c/d3e1f1adc8a0289efe2d2cdc90edb8c6ffe0b5ef

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Patch

📦 Affected Products / CPE 7 entries

linux:linux_kernel

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

EPSS0.01%

Exploit No

Patch ✓ Yes

Published 2026-05-06

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

patch-available

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-43132

Introduce Yourself

Sign In Required