In the Linux kernel, the following vulnerability has been resolved:

dm-verity: correctly handle dm_bufio_client_create() failure

If either of the calls to dm_bufio_client_create() in verity_fec_ctr()
fails, then dm_bufio_client_destroy() is later called with an ERR_PTR()
argument. That causes a crash. Fix this.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00013.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < 6283e49af87a9c121bb01e5a64a7fe5706c210bc
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < d3e1f1adc8a0289efe2d2cdc90edb8c6ffe0b5ef
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < 5c2217ddb3b7e7ac25f4ebe9061258fc8f1c9167
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < 031f2adc1499b112a39ac316bbab3c80bba16cf2
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < 9b8dc1d327e2928f3da59ced0595d850d31c0936
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < 451cc650e40e8c3222d37877a9e4be0fcaacb9c8
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < b154a868a3856fb5216c4f82981d8a503832e095
a739ff3f543afbb4a041c16cd0182c8e8d366e70 affected < 119f4f04186fa4f33ee6bd39af145cdaff1ff17f
Linux Linux affected
Version Status Constraints
4.5 affected
0 unaffected < 4.5
5.10.252 unaffected ≤ 5.10.*
5.15.202 unaffected ≤ 5.15.*
6.1.165 unaffected ≤ 6.1.*
6.6.128 unaffected ≤ 6.6.*
6.12.75 unaffected ≤ 6.12.*
6.18.16 unaffected ≤ 6.18.*
6.19.6 unaffected ≤ 6.19.*
7.0 unaffected ≤ *

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Project Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe
Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/031f2adc1499b112a39ac316bbab3c80bba16cf2 cve-icon cve-icon
https://git.kernel.org/stable/c/119f4f04186fa4f33ee6bd39af145cdaff1ff17f cve-icon cve-icon
https://git.kernel.org/stable/c/451cc650e40e8c3222d37877a9e4be0fcaacb9c8 cve-icon cve-icon
https://git.kernel.org/stable/c/5c2217ddb3b7e7ac25f4ebe9061258fc8f1c9167 cve-icon cve-icon
https://git.kernel.org/stable/c/6283e49af87a9c121bb01e5a64a7fe5706c210bc cve-icon cve-icon
https://git.kernel.org/stable/c/9b8dc1d327e2928f3da59ced0595d850d31c0936 cve-icon cve-icon
https://git.kernel.org/stable/c/b154a868a3856fb5216c4f82981d8a503832e095 cve-icon cve-icon
https://git.kernel.org/stable/c/d3e1f1adc8a0289efe2d2cdc90edb8c6ffe0b5ef cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2026050622-CVE-2026-43132-42ed@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2026-43132 cve-icon
https://www.cve.org/CVERecord?id=CVE-2026-43132 cve-icon
History

Fri, 08 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-235

Fri, 08 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-763
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-235

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: dm-verity: correctly handle dm_bufio_client_create() failure If either of the calls to dm_bufio_client_create() in verity_fec_ctr() fails, then dm_bufio_client_destroy() is later called with an ERR_PTR() argument. That causes a crash. Fix this.
Title dm-verity: correctly handle dm_bufio_client_create() failure
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:18:22.593Z

Reserved: 2026-05-01T14:12:55.988Z

Link: CVE-2026-43132

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:30.357

Modified: 2026-05-08T17:26:57.643

Link: CVE-2026-43132

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43132 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T23:00:16Z

Weaknesses