CVE-2026-43307
Received Received - Intake

Buffer Overflow in Linux Kernel IIO ADXL380 Driver

Vulnerability report for CVE-2026-43307, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-08

Last updated on: 2026-05-11

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than present in FIFO The interrupt handler reads FIFO entries in batches of N samples, where N is the number of scan elements that have been enabled. However, the sensor fills the FIFO one sample at a time, even when more than one channel is enabled. Therefore,the number of entries reported by the FIFO status registers may not be a multiple of N; if this number is not a multiple, the number of entries read from the FIFO may exceed the number of entries actually present. To fix the above issue, round down the number of FIFO entries read from the status registers so that it is always a multiple of N.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-08
Last Modified
2026-05-11
Generated
2026-07-09
AI Q&A
2026-05-08
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Impact Analysis

This vulnerability in the Linux kernel's iio: accel: adxl380 driver can cause the interrupt handler to read more FIFO entries than are actually present. This happens because the number of entries reported by the FIFO status registers may not be a multiple of the number of scan elements enabled, leading to reading beyond the available data.

The impact could include incorrect sensor data processing or potential instability in systems relying on accurate sensor readings, as the driver may process invalid or excess data entries.

Executive Summary

This vulnerability exists in the Linux kernel's iio accel adxl380 driver. The issue arises because the interrupt handler reads FIFO entries in batches based on the number of enabled scan elements (N). However, the sensor fills the FIFO one sample at a time, even if multiple channels are enabled. This means the FIFO status register may report a number of entries that is not a multiple of N, causing the handler to read more entries than are actually present.

The fix involves rounding down the number of FIFO entries read from the status registers so that it is always a multiple of N, preventing reading beyond the actual entries.

Mitigation Strategies

The vulnerability has been resolved by updating the Linux kernel to a version where the interrupt handler for the adxl380 sensor reads the FIFO entries correctly by rounding down the number of entries read to a multiple of the number of scan elements enabled.

Therefore, the immediate step to mitigate this vulnerability is to update your Linux kernel to the fixed version that includes this patch.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43307. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart