SB20260508128 - NULL pointer dereference in Linux kernel firmware driver



Published: May 8, 2026

Security Bulletin ID: SB20260508128
CSH Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 1 vulnerability.


1) NULL pointer dereference (CVE-ID: CVE-2026-43410)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in the stratix10-rsu driver when executing svc_normal_to_secure_thread() while RSU is disabled in firmware. A local user can trigger the vulnerable code path to cause a denial of service.

The issue occurs after asynchronous message setup fails and the channel is freed, but the thread is still registered and later accesses the invalid channel.
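
The error-path ordering described above, as an added userspace model (not the driver's code and not the upstream patch): a setup failure frees the channel while the worker stays registered, next to a teardown that unregisters the worker first. All names (`struct ctrl`, `probe`, `worker_step`, `async_setup`) are hypothetical, and the worker reports the bad state instead of dereferencing it.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Simplified userspace model. All names are hypothetical, not kernel symbols. */
struct chan { int id; };

struct ctrl {
    struct chan *chan;       /* channel the worker thread services */
    bool worker_registered;  /* worker is still scheduled to run */
};

/* Stand-in for asynchronous message setup; fails when the feature is
 * disabled in firmware. */
static int async_setup(bool enabled) { return enabled ? 0 : -1; }

static void release_chan(struct ctrl *c) { free(c->chan); c->chan = NULL; }

/* Probe with two error-path variants.
 * ordered_teardown == false: channel is freed, worker stays registered (flawed).
 * ordered_teardown == true:  worker is unregistered before the channel goes away. */
static int probe(struct ctrl *c, bool enabled, bool ordered_teardown)
{
    c->chan = calloc(1, sizeof(*c->chan));
    if (!c->chan)
        return -1;
    c->worker_registered = true;

    if (async_setup(enabled) == 0)
        return 0;

    if (ordered_teardown)
        c->worker_registered = false;
    release_chan(c);
    return -1;
}

/* One worker pass: 0 = did not run, 1 = serviced the channel,
 * -1 = registered worker found no valid channel (the state that ends in a
 * NULL dereference when the worker uses the pointer unchecked). */
static int worker_step(const struct ctrl *c)
{
    if (!c->worker_registered)
        return 0;
    return c->chan ? 1 : -1;
}
```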


Remediation

Install the update from the vendor's website.