CVE-2026-43471

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace()<br /> <br /> The kernel log indicates a crash in ufshcd_add_command_trace, due to a NULL<br /> pointer dereference when accessing hwq-&gt;id. This can happen if<br /> ufshcd_mcq_req_to_hwq() returns NULL.<br /> <br /> This patch adds a NULL check for hwq before accessing its id field to<br /> prevent a kernel crash.<br /> <br /> Kernel log excerpt:<br /> [] notify_die+0x4c/0x8c<br /> [] __die+0x60/0xb0<br /> [] die+0x4c/0xe0<br /> [] die_kernel_fault+0x74/0x88<br /> [] __do_kernel_fault+0x314/0x318<br /> [] do_page_fault+0xa4/0x5f8<br /> [] do_translation_fault+0x34/0x54<br /> [] do_mem_abort+0x50/0xa8<br /> [] el1_abort+0x3c/0x64<br /> [] el1h_64_sync_handler+0x44/0xcc<br /> [] el1h_64_sync+0x80/0x88<br /> [] ufshcd_add_command_trace+0x23c/0x320<br /> [] ufshcd_compl_one_cqe+0xa4/0x404<br /> [] ufshcd_mcq_poll_cqe_lock+0xac/0x104<br /> [] ufs_mtk_mcq_intr+0x54/0x74 [ufs_mediatek_mod]<br /> [] __handle_irq_event_percpu+0xc8/0x348<br /> [] handle_irq_event+0x3c/0xa8<br /> [] handle_fasteoi_irq+0xf8/0x294<br /> [] generic_handle_domain_irq+0x54/0x80<br /> [] gic_handle_irq+0x1d4/0x330<br /> [] call_on_irq_stack+0x44/0x68<br /> [] do_interrupt_handler+0x78/0xd8<br /> [] el1_interrupt+0x48/0xa8<br /> [] el1h_64_irq_handler+0x14/0x24<br /> [] el1h_64_irq+0x80/0x88<br /> [] arch_local_irq_enable+0x4/0x1c<br /> [] cpuidle_enter+0x34/0x54<br /> [] do_idle+0x1dc/0x2f8<br /> [] cpu_startup_entry+0x30/0x3c<br /> [] secondary_start_kernel+0x134/0x1ac<br /> [] __secondary_switched+0xc4/0xcc