CVE-2026-43423
Undergoing Analysis Undergoing Analysis - In Progress
Atomic Context Locking Issue in Linux Kernel USB Gadget NCM

Publication date: 2026-05-08

Last updated on: 2026-05-22

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix atomic context locking issue The ncm_set_alt function was holding a mutex to protect against races with configfs, which invokes the might-sleep function inside an atomic context. Remove the struct net_device pointer from the f_ncm_opts structure to eliminate the contention. The connection state is now managed by a new boolean flag to preserve the use-after-free fix from commit 6334b8e4553c ("usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error"). BUG: sleeping function called from invalid context Call Trace: dump_stack_lvl+0x83/0xc0 dump_stack+0x14/0x16 __might_resched+0x389/0x4c0 __might_sleep+0x8e/0x100 ... __mutex_lock+0x6f/0x1740 ... ncm_set_alt+0x209/0xa40 set_config+0x6b6/0xb40 composite_setup+0x734/0x2b40 ...
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-22
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-17
NVD
CVE-2026-43423
EUVD
EUVD-2026-28729
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.18.17 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.19.7 (inc) to 6.19.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability has been resolved by removing the struct net_device pointer from the f_ncm_opts structure and managing connection state with a new boolean flag to avoid contention and use-after-free issues.

Immediate mitigation steps include:

  • Update your Linux kernel to a version that includes the fix for this vulnerability.
  • If updating is not immediately possible, consider disabling the usb gadget f_ncm driver if it is not required in your environment.
  • Monitor kernel logs for related BUG messages to detect any exploitation attempts.

Applying the official patch or upgrading to a fixed kernel version is the most effective way to mitigate this issue.

Executive Summary

This vulnerability in the Linux kernel involves the usb gadget function f_ncm, specifically in the ncm_set_alt function. The issue was that a mutex was held to protect against race conditions with configfs, but this mutex lock was called inside an atomic context where sleeping is not allowed. This caused a 'sleeping function called from invalid context' bug.

To fix this, the developers removed a struct net_device pointer from the f_ncm_opts structure to avoid contention and replaced it with a boolean flag to manage connection state safely, preserving a previous fix for a use-after-free issue.

Impact Analysis

This vulnerability can cause kernel crashes or instability due to improper locking in an atomic context, which may lead to system crashes or denial of service conditions on affected Linux systems using the usb gadget f_ncm functionality.

Detection Guidance

This vulnerability relates to an atomic context locking issue in the Linux kernel's usb gadget f_ncm driver, which can cause a BUG due to a sleeping function being called from an invalid context.

Detection would typically involve monitoring kernel logs for BUG messages related to 'sleeping function called from invalid context' or stack traces involving ncm_set_alt, __might_sleep, or __mutex_lock.

You can check your kernel logs using commands such as:

  • dmesg | grep -i 'sleeping function called from invalid context'
  • journalctl -k | grep -i 'ncm_set_alt'
  • grep -i 'BUG' /var/log/kern.log

These commands help identify if the kernel has logged any relevant errors indicating the presence of this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43423. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart