CVE-2026-43340
Received Received - Intake
Race Condition in Linux Kernel COMEDI Subsystem

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member `spinlock` containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")). Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the `COMEDI_DEVCONFIG` ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing `dev->spinlock` before calling the low-level driver's `attach` function pointer if `CONFIG_LOCKDEP` is enabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43340
EUVD
EUVD-2026-28624
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
comedi comedi *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's COMEDI subsystem, specifically involving the handling of a spin-lock within the comedi_device structure. The spin-lock is intended for use by low-level drivers attached to a COMEDI device. However, when a COMEDI device is attached to different low-level drivers over its lifetime using the COMEDI_DEVCONFIG ioctl command, inconsistent lock states can occur if the spin-lock locking levels differ between these drivers. This inconsistency can lead to incorrect lock state reporting. The vulnerability is addressed by reinitializing the spin-lock before attaching a new low-level driver if CONFIG_LOCKDEP is enabled.

Impact Analysis

The impact of this vulnerability is related to potential inconsistencies in lock states within the COMEDI subsystem when switching between different low-level drivers. Such inconsistencies could lead to unpredictable behavior or race conditions in device handling, potentially causing system instability or incorrect operation of COMEDI devices.

Mitigation Strategies

The vulnerability is fixed by reinitializing the spinlock (dev->spinlock) before calling the low-level driver's attach function pointer if CONFIG_LOCKDEP is enabled.

Therefore, to mitigate this vulnerability, ensure your Linux kernel is updated to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43340. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart