CVE-2026-43138
GPIO Reset Bind Attributes Suppression in Linux Kernel
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel related to the reset subsystem's GPIO handling. A special device is created dynamically and is intended to remain in memory permanently. However, there is no device link between this special device and the actual reset consumer. Because of this, the sysfs bind attributes were not suppressed, allowing user-space to unbind the device.
If a user unbinds this device, it can cause a use-after-free error, which means that the system may attempt to access memory that has already been freed. This can lead to system instability or crashes when any user tries to use the reset control handle.
How can this vulnerability impact me? :
This vulnerability can impact you by causing system instability or crashes due to a use-after-free error triggered when user-space unbinds the special reset device. This can affect the reliability and security of systems running the vulnerable Linux kernel, potentially leading to denial of service or unexpected behavior.