CVE-2026-43340
Race Condition in Linux Kernel COMEDI Subsystem
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| comedi | comedi | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's COMEDI subsystem, specifically involving the handling of a spin-lock within the comedi_device structure. The spin-lock is intended for use by low-level drivers attached to a COMEDI device. However, when a COMEDI device is attached to different low-level drivers over its lifetime using the COMEDI_DEVCONFIG ioctl command, inconsistent lock states can occur if the spin-lock locking levels differ between these drivers. This inconsistency can lead to incorrect lock state reporting. The vulnerability is addressed by reinitializing the spin-lock before attaching a new low-level driver if CONFIG_LOCKDEP is enabled.
How can this vulnerability impact me?
The impact of this vulnerability is related to potential inconsistencies in lock states within the COMEDI subsystem when switching between different low-level drivers. Such inconsistencies could lead to unpredictable behavior or race conditions in device handling, potentially causing system instability or incorrect operation of COMEDI devices.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by reinitializing the spinlock (dev->spinlock) before calling the low-level driver's attach function pointer if CONFIG_LOCKDEP is enabled.
Therefore, to mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix.