CVE-2026-43055
Published: 01 May 2026
Summary
CVE-2026-43055 is a high-severity an unspecified weakness vulnerability in Linux Linux Kernel. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 15.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely application of the kernel patch using kzalloc_flex properly initializes aio_cmd->iocb including ki_write_stream to zero, directly preventing the bogus value and subsequent write failure DoS.
Configuring the system to least functionality by disabling unnecessary SCSI target_core_file module eliminates the vulnerable code path and exposure to crafted write commands.
Denial-of-service protections such as rate limiting or resource allocation controls on the network-exposed SCSI target mitigate availability impacts from repeated crafted write commands triggering the uninitialized memory failure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remotely exploitable vulnerability in a Linux kernel SCSI target service (exposed over the network) that can be triggered by sending crafted commands, directly enabling exploitation of a public-facing application for denial of service.
NVD Description
In the Linux kernel, the following vulnerability has been resolved: scsi: target: file: Use kzalloc_flex for aio_cmd The target_core_file doesn't initialize the aio_cmd->iocb for the ki_write_stream. When a write command fd_execute_rw_aio() is executed, we may get a bogus ki_write_stream value,…
more
causing unintended write failure status when checking iocb->ki_write_stream > max_write_streams in the block device. Let's just use kzalloc_flex when allocating the aio_cmd and let ki_write_stream=0 to fix this issue.
Deeper analysisAI
CVE-2026-43055 is a vulnerability in the Linux kernel's SCSI target file implementation (target_core_file). The issue arises because aio_cmd->iocb is not initialized for the ki_write_stream field. During execution of a write command via fd_execute_rw_aio(), this results in a bogus ki_write_stream value, which triggers an unintended write failure status when the block device checks if iocb->ki_write_stream exceeds max_write_streams. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.
A remote unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. By sending crafted write commands to a system running the affected SCSI target code, the attacker can trigger the uninitialized value check, causing write operations to fail and potentially leading to a denial of service on the target system.
The provided references point to stable kernel patch commits that resolve the issue by switching to kzalloc_flex for aio_cmd allocation, which ensures proper zero-initialization and sets ki_write_stream to 0, preventing the bogus value and associated failure condition.
Details
- CWE(s)