CVE-2026-43211
Awaiting Analysis - Queue
PCI Lock Handling Flaw in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails.

Before a4e772898f8b, the code did:

    if (!pci_dev_trylock(dev)) /* <- lock bridge device */
        goto unlock;
    if (dev->subordinate) {
        if (!pci_bus_trylock(dev->subordinate)) {
            pci_dev_unlock(dev); /* <- unlock bridge device */
            goto unlock;
        }
    }

After a4e772898f8b the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug.

This yields one of two errors:

1. A warning that the lock is being unlocked when no one holds it.
2. An incorrect unlock of a lock that belongs to another thread.

Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path.

[Same patch later posted by Keith at https://patch.msgid.link/[email protected]]
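The two error outcomes listed above can be reproduced in a small user-space model. This is an added example, not kernel code or the fix itself: the `toy_*` names, the owner-tracking lock, and the assumption that the delegated bus trylock takes the bridge lock and drops it again on its own failure are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy owner-tracking locks: a user-space model, not the kernel's code. */
struct toy_lock { int owner; };                 /* 0 = free, else holder id */
struct toy_slot { struct toy_lock bridge, child; };
enum { NO_UNLOCK, UNLOCK_OWN, UNLOCK_NOT_HELD, UNLOCK_OTHERS_LOCK };

static bool toy_trylock(struct toy_lock *l, int who)
{
    bool got = (l->owner == 0);
    if (got)
        l->owner = who;
    return got;
}

static int toy_unlock(struct toy_lock *l, int who)
{
    int kind = l->owner == who ? UNLOCK_OWN
             : l->owner ? UNLOCK_OTHERS_LOCK : UNLOCK_NOT_HELD;
    l->owner = 0;               /* model: releases regardless of who asks */
    return kind;
}

/* Model (assumed): the bus trylock takes the bridge lock, drops it on failure. */
static bool toy_bus_trylock(struct toy_slot *s, int who)
{
    if (!toy_trylock(&s->bridge, who))
        return false;
    if (!toy_trylock(&s->child, who)) {
        toy_unlock(&s->bridge, who);
        return false;
    }
    return true;
}

/* buggy=true keeps the leftover unlock; returns the stray unlock's kind. */
static int toy_slot_trylock(struct toy_slot *s, int who, bool buggy)
{
    if (toy_bus_trylock(s, who))
        return NO_UNLOCK;                       /* success: nothing to undo */
    return buggy ? toy_unlock(&s->bridge, who) : NO_UNLOCK;
}

int main(void)
{
    struct toy_slot a = {{0}, {2}}, b = {{2}, {0}};  /* id 2 = another thread */
    printf("child busy:  %d\n", toy_slot_trylock(&a, 1, true));
    printf("bridge busy: %d\n", toy_slot_trylock(&b, 1, true));
}
```

With the child lock busy, the leftover unlock hits a free lock (error 1); with the bridge lock busy, it releases the other holder's lock (error 2). Passing `buggy=false` leaves both locks untouched on failure.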
Meta Information
Published: 2026-05-06
Last Modified: 2026-05-06
Generated: 2026-05-06
AI Q&A: 2026-05-06
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | *
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's PCI subsystem, specifically in the pci_slot_trylock() function. A code change (commit a4e772898f8b) modified how locking is handled for PCI bridge devices by delegating the bridge device's pci_dev_trylock() to pci_bus_trylock(). However, that commit did not remove the pci_dev_unlock() call on the failure path taken when pci_bus_trylock() fails.

Before commit a4e772898f8b, the code locked the bridge device and then tried to lock the subordinate bus. If locking the subordinate bus failed, it would unlock the bridge device. After that commit, pci_slot_trylock() no longer takes the bridge-device lock itself, but the pci_dev_unlock(dev) call was mistakenly left in place, causing errors.

This results in either a warning about unlocking a lock that is not held or an incorrect unlock of a lock held by another thread. The fix removes the redundant pci_dev_unlock(dev) call on the failure path.


How can this vulnerability impact me?

This vulnerability can cause incorrect lock handling in the Linux kernel's PCI subsystem, which may lead to warnings or incorrect unlocking of locks held by other threads.

Such incorrect locking behavior can potentially cause race conditions, kernel warnings, or instability in the PCI device management, which might affect system reliability or cause unexpected behavior in hardware interactions.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by applying the patch that removes the redundant pci_dev_unlock(dev) call in the pci_slot_trylock() function in the Linux kernel.

Therefore, the immediate step to mitigate this vulnerability is to update your Linux kernel to a version that includes the fix for the regression introduced by commit a4e772898f8b.

