CVE-2026-43427
USB CDC-WDM Memory Corruption in Linux Kernel
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | kernel | * |
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB class driver for cdc-wdm devices. It is caused by a reordering issue in the read code path: due to compiler optimization or CPU out-of-order execution, the update to the descriptor length can become visible before the memory move that fills the buffer has completed. As a result, the read function (wdm_read) may observe the updated length and copy data to user space from memory that has not yet been written, which is unsafe and violates the kernel memory model's data race rules.
The issue was fixed by using WRITE_ONCE and memory barriers to enforce the ordering of the buffer write and the length update, preventing this unsafe behavior.
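The ordering the fix enforces, as an added example that is not the kernel's code: a user-space C model of the descriptor in which a release store on the length stands in for smp_wmb() plus WRITE_ONCE() on the completion side, and an acquire load stands in for READ_ONCE() plus smp_rmb() on the read side. The struct and function names and the sample bytes are assumptions, not taken from the driver.

```c
#include <stdatomic.h>
#include <stddef.h>
#include <string.h>

#define UBUF_SIZE 64

/* Constructed stand-in for the driver's descriptor: a staging buffer plus
 * the published count of valid bytes. Names are assumptions, not the kernel's. */
struct wdm_like_desc {
    unsigned char ubuf[UBUF_SIZE];
    atomic_size_t length;
};

/* Completion side: move the payload in first, then publish the new length.
 * The release store is the user-space analogue of smp_wmb() + WRITE_ONCE():
 * a reader that observes the new length also observes the bytes it covers.
 * A plain store here could be reordered ahead of memmove(), which is the bug. */
size_t desc_publish(struct wdm_like_desc *d, const unsigned char *in, size_t n)
{
    size_t cur = atomic_load_explicit(&d->length, memory_order_relaxed);
    if (n > UBUF_SIZE - cur)
        n = UBUF_SIZE - cur;
    memmove(d->ubuf + cur, in, n);
    atomic_store_explicit(&d->length, cur + n, memory_order_release);
    return cur + n;
}

/* Read side: take the length with acquire ordering (analogue of READ_ONCE()
 * + smp_rmb()) and copy out no more than that many bytes. */
size_t desc_read(struct wdm_like_desc *d, unsigned char *out, size_t cap)
{
    size_t avail = atomic_load_explicit(&d->length, memory_order_acquire);
    if (avail > cap)
        avail = cap;
    memcpy(out, d->ubuf, avail);
    return avail;
}

/* Self-check on constructed input: two publishes, then one read. Returns the
 * number of bytes read when the data matches, or 0 on mismatch. */
size_t desc_selftest(void)
{
    struct wdm_like_desc d = {{0}, 0};
    unsigned char out[UBUF_SIZE];
    desc_publish(&d, (const unsigned char *)"AT+CGMI\r", 8);
    desc_publish(&d, (const unsigned char *)"OK\r\n", 4);
    size_t n = desc_read(&d, out, sizeof out);
    return (n == 12 && memcmp(out, "AT+CGMI\rOK\r\n", 12) == 0) ? n : 0;
}
```

In a multi-threaded run the acquire/release pair is what guarantees the reader never copies bytes beyond what the writer has actually stored; single-threaded, the self-check only confirms the accounting.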
How can this vulnerability impact me?
This vulnerability can lead to the Linux kernel copying uninitialized memory to user space during read operations on cdc-wdm devices. This may cause information leakage of sensitive kernel memory contents or lead to unpredictable behavior or crashes in applications relying on this data.