CVE-2026-43013 PUBLISHED

net/mlx5: lag: Check for LAG device before creating debugfs

Assigner: Linux
Reserved: 01.05.2026 Published: 01.05.2026 Updated: 01.05.2026

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: lag: Check for LAG device before creating debugfs

__mlx5_lag_dev_add_mdev() may return 0 (success) even when an error occurs that is handled gracefully. Consequently, the initialization flow proceeds to call mlx5_ldev_add_debugfs() even when there is no valid LAG context.

mlx5_ldev_add_debugfs() blindly created the debugfs directory and attributes. This exposed interfaces (like the members file) that rely on a valid ldev pointer, leading to potential NULL pointer dereferences if accessed when ldev is NULL.

Add a check to verify that mlx5_lag_dev(dev) returns a valid pointer before attempting to create the debugfs entries.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 7f46a0b7327ae261f9981888708dbca22c283900 to a3db46d5f4df92630a96f7bc77b60e75c2353e06 (excl.)
  • affected from 7f46a0b7327ae261f9981888708dbca22c283900 to 7129632cab3e4d23510b21930aa73b8d97a859f5 (excl.)
  • affected from 7f46a0b7327ae261f9981888708dbca22c283900 to cfa774e6c920c81e700327bf10db8cb50d5db456 (excl.)
  • affected from 7f46a0b7327ae261f9981888708dbca22c283900 to c53cf44588a93000f71817a6bb87a66353c48dee (excl.)
  • affected from 7f46a0b7327ae261f9981888708dbca22c283900 to 89c65f2fcd8801365b410f40a427cbcd7f4c28e9 (excl.)
  • affected from 7f46a0b7327ae261f9981888708dbca22c283900 to bf16bca6653679d8a514d6c1c5a2c67065033f14 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 5.19 is affected
  • unaffected from 0 to 5.19 (excl.)
  • unaffected from 6.1.168 to 6.1.* (incl.)
  • unaffected from 6.6.134 to 6.6.* (incl.)
  • unaffected from 6.12.81 to 6.12.* (incl.)
  • unaffected from 6.18.22 to 6.18.* (incl.)
  • unaffected from 6.19.12 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References