What is GHSA-qc73-3qqx-fc2q?

GHSA-qc73-3qqx-fc2q is a security advisory published by GitHub Security Advisories with Medium severity. In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing...

Which CVE IDs does GHSA-qc73-3qqx-fc2q cover?

GHSA-qc73-3qqx-fc2q covers the following CVE IDs: CVE-2026-43463. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-qc73-3qqx-fc2q?

GHSA-qc73-3qqx-fc2q has a CVSS v3 base score of 5.5, published by GitHub Security Advisories.

GHSA-qc73-3qqx-fc2qMediumCVSS 5.5

In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing...

Vendor

GitHub Security Advisories

Published

May 8, 2026

Last Modified

May 20, 2026

🔗 CVE IDs covered (1)

CVE-2026-43463 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer()

rxrpc_kernel_lookup_peer() can also return error pointers in addition to NULL, so just checking for NULL is not sufficient.

Fix this by:

(1) Changing rxrpc_kernel_lookup_peer() to return -ENOMEM rather than NULL on allocation failure.

(2) Making the callers in afs use IS_ERR() and PTR_ERR() to pass on the error code returned.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-43463
https://git.kernel.org/stable/c/4245a79003adf30e67f8e9060915bd05cb31d142
https://git.kernel.org/stable/c/54331c5dcc6d97683d7ca2788e7ef9c9505e1477
https://git.kernel.org/stable/c/d55fa7cd4b19ba91b34b307d769c149e56ad0a75
https://github.com/advisories/GHSA-qc73-3qqx-fc2q