CVE-2026-43343
USB Gadget Subset Reference Count Leak Fix
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB gadget subsystem, specifically in the f_subset function. The issue is that the function geth_alloc() increases a reference count, but the corresponding geth_free() function does not decrease it. This imbalance in reference counting prevents proper cleanup and stops the configuration of attributes via configfs after the function is unlinked.
The fix involves decrementing the reference count in geth_free() to ensure that resources are properly released.
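The imbalance described above, as an added user-space C model; it is not kernel source and not the upstream patch. The `model_*` names, the `balanced` switch and the `-EBUSY` result for a write while the count is non-zero are assumptions made for illustration.

```c
/* Added illustration: a user-space model of the reference-count imbalance.
 * All identifiers are hypothetical stand-ins, not kernel symbols. */
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

struct model_opts {
    int refcnt;   /* live function objects that still use these options */
    int attr;     /* stands in for one configfs attribute */
};

struct model_func {
    struct model_opts *opts;
};

/* Alloc path: creating the function object pins the options. */
static struct model_func *model_alloc(struct model_opts *opts)
{
    struct model_func *f = calloc(1, sizeof(*f));
    if (!f)
        return NULL;
    f->opts = opts;
    opts->refcnt++;
    return f;
}

/* Free path: balanced=false models the behaviour before the fix (no decrement),
 * balanced=true models the behaviour after it. */
static void model_free(struct model_func *f, bool balanced)
{
    if (balanced)
        f->opts->refcnt--;
    free(f);
}

/* Attribute write: refused while any function object still holds the options
 * (assumed error code: -EBUSY). */
static int model_attr_store(struct model_opts *opts, int value)
{
    if (opts->refcnt)
        return -EBUSY;
    opts->attr = value;
    return 0;
}

/* Link, unlink, then try to reconfigure; returns the result of the write. */
static int link_unlink_then_store(bool balanced)
{
    struct model_opts opts = { 0, 0 };
    struct model_func *f = model_alloc(&opts);
    if (!f)
        return -ENOMEM;
    model_free(f, balanced);
    return model_attr_store(&opts, 42);
}
```

With the decrement in place the write after unlinking succeeds; without it the count stays at one and every later write is refused.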
How can this vulnerability impact me?
Because the reference count is not properly decremented, the system may fail to clean up resources correctly after unlinking the USB gadget function. This can lead to issues with configuring attributes via configfs, potentially causing malfunction or instability in USB gadget operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version where the issue in usb: gadget: f_subset has been fixed. Specifically, ensure that the kernel includes the patch that decrements the reference count in geth_free() to prevent improper cleanup.
Applying the latest kernel updates from your Linux distribution vendor is the recommended immediate step.