CVE-2026-43211
Analyzed - Analysis Complete
PCI Lock Handling Flaw in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails.

Before a4e772898f8b, the code did:

    if (!pci_dev_trylock(dev)) /* <- lock bridge device */
        goto unlock;
    if (dev->subordinate) {
        if (!pci_bus_trylock(dev->subordinate)) {
            pci_dev_unlock(dev); /* <- unlock bridge device */
            goto unlock;
        }
    }

After a4e772898f8b the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug.

This yields one of two errors:

1. A warning that the lock is being unlocked when no one holds it.
2. An incorrect unlock of a lock that belongs to another thread.

Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path.

[Same patch later posted by Keith at https://patch.msgid.link/[email protected]]

Meta Information
Published: 2026-05-06
Last Modified: 2026-05-11
Generated: 2026-05-18
AI Q&A: 2026-05-07
EPSS Evaluated: 2026-05-11

Affected Vendors & Products
Showing 9 associated CPEs

Vendor  Product       Version / Range
linux   linux_kernel  From 5.4.284 (inc) to 5.5 (exc)
linux   linux_kernel  From 4.19.322 (inc) to 4.20 (exc)
linux   linux_kernel  From 6.13 (inc) to 6.18.16 (exc)
linux   linux_kernel  From 6.19 (inc) to 6.19.6 (exc)
linux   linux_kernel  From 5.10.226 (inc) to 5.10.252 (exc)
linux   linux_kernel  From 5.15.167 (inc) to 5.15.202 (exc)
linux   linux_kernel  From 6.1.110 (inc) to 6.1.165 (exc)
linux   linux_kernel  From 6.10.10 (inc) to 6.12.75 (exc)
linux   linux_kernel  From 6.6.51 (inc) to 6.6.128 (exc)

CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability relates to incorrect locking and unlocking behavior in the Linux kernel's PCI subsystem, specifically in pci_slot_trylock(). Detection would involve monitoring kernel logs for warnings or errors related to lock handling.

You can check your system's kernel logs for warnings about unlocking locks that are not held or other related PCI lock errors. For example, use the following commands to search the kernel log:

  • dmesg | grep -i 'pci_dev_unlock'
  • journalctl -k | grep -i 'pci_dev_unlock'

Additionally, monitoring for kernel warnings or errors related to PCI device locking can help identify if the vulnerable code path is being triggered.


Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's PCI subsystem, specifically in the pci_slot_trylock() function. A code change (commit a4e772898f8b) modified how locking is handled for PCI bridge devices by delegating the bridge device's pci_dev_trylock() to pci_bus_trylock(). However, the patch forgot to remove a pci_dev_unlock() call on the failure path after pci_bus_trylock() fails.

Before the patch, the code locked the bridge device and then tried to lock the subordinate bus. If locking the subordinate bus failed, it would unlock the bridge device. After the patch, the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) call was mistakenly left in place, causing errors.

This results in either a warning about unlocking a lock that is not held or an incorrect unlock of a lock held by another thread. The fix removes the redundant pci_dev_unlock(dev) call on the failure path.
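
The failure path described above, as an added userspace model (not kernel code and not part of the original advisory). The owner-tracking lock, the struct and function names, and the thread ids 1 and 2 are assumptions chosen to reproduce both outcomes listed in the description; a single bus lock stands in for the devices on the subordinate bus.

```c
#include <stdbool.h>
#include <stdio.h>
/* Userspace model, not kernel code: a lock that records its owner (0 = free),
 * the way a mutex with lock debugging does. All names are hypothetical. */
struct mlock { int owner; };
struct mdev  { struct mlock lock; struct mlock bus_lock; /* subordinate bus */ };
enum effect { NONE, UNLOCK_NOT_HELD, UNLOCK_FOREIGN };

static bool m_trylock(struct mlock *l, int tid)
{
    if (l->owner) return false;
    l->owner = tid;
    return true;
}

/* Releases unconditionally and reports whether the caller owned the lock. */
static enum effect m_unlock(struct mlock *l, int tid)
{
    enum effect e = l->owner == tid ? NONE
                  : l->owner == 0   ? UNLOCK_NOT_HELD : UNLOCK_FOREIGN;
    l->owner = 0;
    return e;
}

/* Stand-in for pci_bus_trylock() after a4e772898f8b: it takes the bridge
 * lock itself and, on failure, drops only what it took. */
static bool bus_trylock(struct mdev *bridge, int tid)
{
    if (!m_trylock(&bridge->lock, tid)) return false;
    if (m_trylock(&bridge->bus_lock, tid)) return true;
    m_unlock(&bridge->lock, tid);
    return false;
}

/* Slot trylock for one bridge; returns what its failure path did to the
 * bridge lock. stale_unlock=true keeps the leftover unlock, false is the fix. */
static enum effect slot_trylock_effect(struct mdev *bridge, int tid, bool stale_unlock)
{
    if (bus_trylock(bridge, tid)) return NONE;
    return stale_unlock ? m_unlock(&bridge->lock, tid) : NONE;
}

int main(void)
{
    struct mdev a = { {0}, {2} };   /* constructed: thread 2 holds the bus */
    struct mdev b = { {2}, {2} };   /* constructed: thread 2 holds bridge too */
    enum effect ea = slot_trylock_effect(&a, 1, true), eb = slot_trylock_effect(&b, 1, true);
    printf("stale unlock: a=%d b=%d, bridge b owner now %d\n", ea, eb, b.lock.owner);
}
```

In the second case thread 2 still believes it holds the bridge lock after thread 1's failed attempt, which is the state that lets two threads enter the same critical section.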


How can this vulnerability impact me?

This vulnerability can cause incorrect lock handling in the Linux kernel's PCI subsystem, which may lead to warnings or incorrect unlocking of locks held by other threads.

Such incorrect locking behavior can potentially cause race conditions, kernel warnings, or instability in the PCI device management, which might affect system reliability or cause unexpected behavior in hardware interactions.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by applying the patch that removes the redundant pci_dev_unlock(dev) call in the pci_slot_trylock() function in the Linux kernel.

Therefore, the immediate step to mitigate this vulnerability is to update your Linux kernel to a version that includes this fix. Commit a4e772898f8b is the change that left the stale pci_dev_unlock(dev) in place, not the fix for it.

