HOMEVULNERABILITIESCVE-2026-43271
MEDIUM

CVE-2026-43271

Published: May 6, 2026· Updated: May 8, 2026

5.5
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

md-cluster: fix NULL pointer dereference in process_metadata_update

The function process_metadata_update() blindly dereferences the 'thread'

pointer (acquired via rcu_dereference_protected) within the wait_event()

macro.

While the code comment states "daemon thread must exist", there is a valid

race condition window during the MD array startup sequence (md_run):

1. bitmap_load() is called, which invokes md_cluster_ops->join().

2. join() starts the "cluster_recv" thread (recv_daemon).

3. At this point, recv_daemon is active and processing messages.

4. However, mddev->thread (the main MD thread) is not initialized until

later in md_run().

If a METADATA_UPDATED message is received from a remote node during this

specific window, process_metadata_update() will be called while

mddev->thread is still NULL, leading to a kernel panic.

To fix this, we must validate the 'thread' pointer. If it is NULL, we

release the held lock (no_new_dev_lockres) and return early, safely

ignoring the update request as the array is not yet fully ready to

process it.

NVD Source

Technical Analysis

CVE-2026-43271 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in availability disruption (denial of service), with a CVSS base score of 5.5.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityNone
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Vendors & Products

Linux1 product
linux kernel
Source: NVD CPE · 1 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (5)

Quick Facts

CVE IDCVE-2026-43271
CVSS Score5.5 / 10
SeverityMEDIUM
CISA KEVNo
EPSS (30d)0.02%
Affected1 vendor
PublishedMay 6, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43271 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.