CVE-2026-43428
USB Timeout Handling Fix in Linux Kernel
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the Linux kernel's USB core APIs allowing unkillable synchronous timeouts that can hang tasks indefinitely. Detection would involve monitoring for processes stuck in uninterruptible sleep states (usually 'D' state) related to USB operations.
You can use commands like 'ps' or 'top' to identify processes in uninterruptible sleep. For example, running 'ps aux | grep D' can show processes stuck in the 'D' state.
Additionally, checking kernel logs (e.g., using 'dmesg' or 'journalctl') for hung-task detector messages or USB-related errors may help identify symptoms of this issue.
Since the vulnerability relates to USB control, bulk, and interrupt messages with unlimited timeouts, monitoring USB device behavior and any tasks interacting with USB devices for hangs or unresponsiveness is recommended.
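As an added example (not part of this CVE record or of the kernel project), a small POSIX shell helper that checks a host for the symptom described above: tasks in uninterruptible 'D' sleep together with their wait channel, and hung-task detector lines in the kernel log. The function names and the sample ps/dmesg snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the CVE record: triage helper for the hang symptom
# described above (tasks stuck in uninterruptible 'D' sleep during USB I/O).
# Function names and the sample inputs below are constructed for illustration.

# Keep only tasks whose state field starts with 'D' (uninterruptible sleep).
# Expects `ps -eo pid,stat,comm,wchan` style output on stdin, header included;
# prints "PID STAT COMM WCHAN" so the wait channel (e.g. usb_start_wait_urb
# or wait_for_completion) shows whether the task is parked in a USB wait.
list_d_state() {
    awk 'NR > 1 && $2 ~ /^D/ { print $1, $2, $3, $4 }'
}

# Keep kernel-log lines from the hung-task detector plus lines mentioning USB,
# which is what dmesg/journalctl shows once a task has been blocked longer
# than hung_task_timeout_secs.
filter_hung_task() {
    grep -Ei 'blocked for more than|hung_task|usb'
}

# Run both checks against the live system (wchan and dmesg may need root).
report_live() {
    echo "== tasks in uninterruptible sleep =="
    ps -eo pid,stat,comm,wchan:32 | list_d_state
    echo "== hung-task / USB kernel log lines =="
    dmesg | filter_hung_task
}

# Constructed sample data standing in for a host that shows the symptom.
SAMPLE_PS='  PID STAT COMMAND          WCHAN
    1 Ss   systemd          ep_poll
 4321 D    usb-storage      usb_start_wait_urb
 5555 R+   bash             -
 6789 D+   python3          wait_for_completion'

SAMPLE_DMESG='[  120.001] usb 1-1: new high-speed USB device number 3 using xhci_hcd
[  245.551] INFO: task usb-storage:4321 blocked for more than 120 seconds.
[  245.552]       Not tainted
[  245.553] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  300.100] systemd[1]: Started session.'

if [ "${1:-}" = "--live" ]; then
    report_live                       # real ps/dmesg output
else
    printf '%s\n' "$SAMPLE_PS" | list_d_state        # 4321 and 6789
    printf '%s\n' "$SAMPLE_DMESG" | filter_hung_task # 3 matching lines
fi
```

Run it with `--live` on the host under suspicion; without arguments it only processes the embedded samples.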
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's USB core, specifically in the usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs. These APIs allow unkillable synchronous timeouts with unlimited duration, meaning a task can hang indefinitely without any way to kill it except by unplugging the device. The issue arises because these APIs use uninterruptible waits, which can cause a task to become stuck for an unlimited time.
The vulnerability was addressed by enforcing a maximum timeout limit of 60 seconds on these unkillable synchronous timeouts. Additionally, negative timeout values are treated as zero, which means the maximum allowed timeout is used, removing ambiguity.
How can this vulnerability impact me?
This vulnerability can cause tasks in the Linux kernel to hang indefinitely when using certain USB APIs, leading to system instability or unresponsiveness. Since the tasks are in uninterruptible wait states, they cannot be killed or stopped normally, potentially requiring physical intervention such as unplugging the USB device to recover.
Such hangs could disrupt normal system operations, degrade performance, or cause denial of service conditions on systems relying on USB devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Linux kernel is updated to a version where the USB core limits the length of unkillable synchronous timeouts to a maximum of 60 seconds.
This update enforces a maximum timeout limit on usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs, preventing tasks from hanging indefinitely.
If updating the kernel is not immediately possible, consider unplugging USB devices that may cause the system to hang due to unkillable synchronous timeouts.