CVE-2026-43007

HIGH EPSS 2.9%
Published May 1, 20262mo ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
High
Find Similar
Published May 1, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_deactivate() to release the resources allocated for that DBC. Since that handling is done in the qaic_manage_ioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang. As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions that are received after the user has gone away.

CVSS Details

Base Score
7.8
Exploitability
1.8
Impact
5.9
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
2.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-415

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥6.4  –  <6.6.134
linuxlinux_kernel*≥6.7  –  <6.12.81
linuxlinux_kernel*≥6.13  –  <6.18.22
linuxlinux_kernel*≥6.19  –  <6.19.12
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/08021f2d4a557d6491e3bcc288e96425f50aa3cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2dd67966f39a2abf8ccb4865031c722e40e01b7f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2feec5ae5df785658924ab6bd91280dc3926507c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee0180e77e6c8482644569632065411de844c515
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f403094d9075d7c565a3d81002b781c325cb3c07
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/08021f2d4a557d6491e3bcc288e96425f50aa3cf
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2dd67966f39a2abf8ccb4865031c722e40e01b7f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/2feec5ae5df785658924ab6bd91280dc3926507c
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee0180e77e6c8482644569632065411de844c515
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f403094d9075d7c565a3d81002b781c325cb3c07
    Patch