CVE-2026-43138
Awaiting Analysis Awaiting Analysis - Queue
GPIO Reset Bind Attributes Suppression in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43138
EUVD
EUVD-2026-27700
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel related to the reset subsystem's GPIO handling. A special device is created dynamically and is intended to remain in memory permanently. However, there is no device link between this special device and the actual reset consumer. Because of this, the sysfs bind attributes were not suppressed, allowing user-space to unbind the device.

If a user unbinds this device, it can cause a use-after-free error, which means that the system may attempt to access memory that has already been freed. This can lead to system instability or crashes when any user tries to use the reset control handle.

Impact Analysis

This vulnerability can impact you by causing system instability or crashes due to a use-after-free error triggered when user-space unbinds the special reset device. This can affect the reliability and security of systems running the vulnerable Linux kernel, potentially leading to denial of service or unexpected behavior.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43138. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart