HOMEVULNERABILITIESCVE-2026-43335
NONE

CVE-2026-43335

Published: May 8, 2026· Updated: May 12, 2026

EPSS:0.02%probability of exploitation in 30 daysPercentile:5.1th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()

The change to dynamic IDs for SM8450 platform interconnects left two links

unconverted, fix it to avoid the NULL pointer dereference in runtime,

when a pointer to a destination interconnect is not valid:

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008

<...>

Call trace:

icc_link_nodes+0x3c/0x100 (P)

qcom_icc_rpmh_probe+0x1b4/0x528

platform_probe+0x64/0xc0

really_probe+0xc4/0x2a8

__driver_probe_device+0x80/0x140

driver_probe_device+0x48/0x170

__device_attach_driver+0xc0/0x148

bus_for_each_drv+0x88/0xf0

__device_attach+0xb0/0x1c0

device_initial_probe+0x58/0x68

bus_probe_device+0x40/0xb8

deferred_probe_work_func+0x90/0xd0

process_one_work+0x15c/0x3c0

worker_thread+0x2e8/0x400

kthread+0x150/0x208

ret_from_fork+0x10/0x20

Code: 900310f4 911d6294 91008280 94176078 (f94002a0)

---[ end trace 0000000000000000 ]---

Kernel panic - not syncing: Oops: Fatal exception

NVD Source

Technical Analysis

CVE-2026-43335 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (2)

Quick Facts

CVE IDCVE-2026-43335
SeverityNONE
CISA KEVNo
EPSS (30d)0.02%
PublishedMay 8, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43335 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.