CVE-2026-43319
Lock Inversion in Linux Kernel SPI Subsystem
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's spidev driver, where two mutexes, spi_lock and buf_lock, were acquired in different orders depending on the code path. Specifically, write() and read() functions acquired buf_lock first and then spi_lock, while ioctl() acquired spi_lock first and then buf_lock. This inconsistent locking order creates an AB-BA locking pattern that can cause deadlocks.
The deadlock occurs because two threads can each hold one lock and wait indefinitely for the other lock, leading to a circular locking dependency. This was demonstrated by a userspace program performing write() and SPI_IOC_WR_MAX_SPEED_HZ ioctl() calls from separate threads on the same spidev file descriptor.
The fix involved simplifying the locking model by removing buf_lock entirely and ensuring all access is serialized using spi_lock only, thus eliminating the lock inversion and preventing deadlocks without changing userspace ABI or behavior.
How can this vulnerability impact me? :
This vulnerability can cause deadlocks in the Linux kernel spidev driver when multiple threads perform operations like write() and ioctl() concurrently on the same spidev file descriptor. Such deadlocks can freeze or hang the affected processes or systems, leading to degraded system performance or unresponsiveness.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing lockdep warnings or deadlock messages in the kernel logs related to the spidev driver.
Specifically, look for warnings such as:
- WARNING: possible circular locking dependency detected
- spidev_ioctl() -> mutex_lock(&spidev->buf_lock)
- spidev_sync_write() -> mutex_lock(&spidev->spi_lock)
- *** DEADLOCK ***
To reproduce or detect the issue, you can run a userspace program that performs write() and SPI_IOC_WR_MAX_SPEED_HZ ioctl() calls from separate threads on the same spidev file descriptor.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to update the Linux kernel to a version where this vulnerability is fixed.
The fix involves simplifying the locking model in the spidev driver by removing the buf_lock mutex and ensuring all access is serialized using spi_lock, thus eliminating lock inversion and preventing deadlocks.
Until the update is applied, avoid running concurrent write() and SPI_IOC_WR_MAX_SPEED_HZ ioctl() calls on the same spidev file descriptor from multiple threads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information about the vulnerability in the Linux kernel's spidev driver does not include any details regarding its impact on compliance with common standards and regulations such as GDPR or HIPAA.