CVE-2026-43211
Analyzed Analyzed - Analysis Complete
PCI Lock Handling Flaw in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails. Before a4e772898f8b, the code did: if (!pci_dev_trylock(dev)) /* <- lock bridge device */ goto unlock; if (dev->subordinate) { if (!pci_bus_trylock(dev->subordinate)) { pci_dev_unlock(dev); /* <- unlock bridge device */ goto unlock; } } After a4e772898f8b the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug. This yields one of two errors: 1. A warning that the lock is being unlocked when no one holds it. 2. An incorrect unlock of a lock that belongs to another thread. Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path. [Same patch later posted by Keith at https://patch.msgid.link/[email protected]]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43211
EUVD
EUVD-2026-27773
Affected Vendors & Products
Showing 9 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.4.284 (inc) to 5.5 (exc)
linux linux_kernel From 4.19.322 (inc) to 4.20 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.10.226 (inc) to 5.10.252 (exc)
linux linux_kernel From 5.15.167 (inc) to 5.15.202 (exc)
linux linux_kernel From 6.1.110 (inc) to 6.1.165 (exc)
linux linux_kernel From 6.10.10 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.6.51 (inc) to 6.6.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Linux kernel's PCI subsystem, specifically in the pci_slot_trylock() function. A code change (commit a4e772898f8b) modified how locking is handled for PCI bridge devices by delegating the bridge device's pci_dev_trylock() to pci_bus_trylock(). However, the patch forgot to remove a pci_dev_unlock() call on the failure path after pci_bus_trylock() fails.

Before the patch, the code locked the bridge device and then tried to lock the subordinate bus. If locking the subordinate bus failed, it would unlock the bridge device. After the patch, the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) call was mistakenly left in place, causing errors.

This results in either a warning about unlocking a lock that is not held or an incorrect unlock of a lock held by another thread. The fix removes the redundant pci_dev_unlock(dev) call on the failure path.

Impact Analysis

This vulnerability can cause incorrect lock handling in the Linux kernel's PCI subsystem, which may lead to warnings or incorrect unlocking of locks held by other threads.

Such incorrect locking behavior can potentially cause race conditions, kernel warnings, or instability in the PCI device management, which might affect system reliability or cause unexpected behavior in hardware interactions.

Mitigation Strategies

The vulnerability is fixed by applying the patch that removes the redundant pci_dev_unlock(dev) call in the pci_slot_trylock() function in the Linux kernel.

Therefore, the immediate step to mitigate this vulnerability is to update your Linux kernel to a version that includes the fix from commit a4e772898f8b or later.

Detection Guidance

This vulnerability relates to incorrect locking and unlocking behavior in the Linux kernel's PCI subsystem, specifically in pci_slot_trylock(). Detection would involve monitoring kernel logs for warnings or errors related to lock handling.

You can check your system's kernel logs for warnings about unlocking locks that are not held or other related PCI lock errors. For example, use the following command to search the kernel log:

  • dmesg | grep -i 'pci_dev_unlock'
  • journalctl -k | grep -i 'pci_dev_unlock'

Additionally, monitoring for kernel warnings or errors related to PCI device locking can help identify if the vulnerable code path is being triggered.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart