CVE-2026-43429

MEDIUM EPSS 2.4%
Published May 8, 20261mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 8, 2026 1mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts The usbtmc driver accepts timeout values specified by the user in an ioctl command, and uses these timeouts for some usb_bulk_msg() calls. Since the user can specify arbitrarily long timeouts and usb_bulk_msg() uses unkillable waits, call usb_bulk_msg_killable() instead to avoid the possibility of the user hanging a kernel thread indefinitely.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel*≥4.19  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.78
linuxlinux_kernel*≥6.13  –  <6.18.19
linuxlinux_kernel*≥6.19  –  <6.19.9
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0535f84cb94c9d8bcba0a2a5b3fac81b7d97235d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39bd4097292fd8564cf2cfba9356f8ab11e38d12
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6cb7dc91f057dd8ce44f6caa2995d8e22784ed0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72c0a063489be183cfb99e7050aaef503bdb6449
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7784caa413a89487dd14dd5c41db8753483b2acb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fa72c369c23c27d1f64883c1e276af950557fb1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4f1c45bdff3f393f9ab7e76795901c442b9eb76
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e14a0dcdf468c3ad616bb06696c7c64c36e736d8
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0535f84cb94c9d8bcba0a2a5b3fac81b7d97235d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/39bd4097292fd8564cf2cfba9356f8ab11e38d12
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/6cb7dc91f057dd8ce44f6caa2995d8e22784ed0a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72c0a063489be183cfb99e7050aaef503bdb6449
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7784caa413a89487dd14dd5c41db8753483b2acb
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7fa72c369c23c27d1f64883c1e276af950557fb1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d4f1c45bdff3f393f9ab7e76795901c442b9eb76
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e14a0dcdf468c3ad616bb06696c7c64c36e736d8
    Patch