CVE-2026-43432
Analyzed Analyzed - Analysis Complete
Memory Leak in Linux Kernel XHCI Driver

Publication date: 2026-05-08

Last updated on: 2026-05-20

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhci_disable_slot() only frees the command structure using kfree(), causing the completion structure to leak. Use xhci_free_command() instead of kfree(). xhci_free_command() correctly frees both the command structure and the associated completion structure. Since the command structure is allocated with zero-initialization, command->in_ctx is NULL and will not be erroneously freed by xhci_free_command(). This bug was found using an experimental static analysis tool we are developing. The tool is based on the LLVM framework and is specifically designed to detect memory management issues. It is currently under active development and not yet publicly available, but we plan to open-source it after our research is published. The bug was originally detected on v6.13-rc1 using our static analysis tool, and we have verified that the issue persists in the latest mainline kernel. We performed build testing on x86_64 with allyesconfig using GCC=11.4.0. Since triggering these error paths in xhci_disable_slot() requires specific hardware conditions or abnormal state, we were unable to construct a test case to reliably trigger these specific error paths at runtime.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-20
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2026-43432
EUVD
EUVD-2026-28738
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.4.165 (inc) to 5.5 (exc)
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.19 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.9 (exc)
linux linux_kernel From 4.19.221 (inc) to 4.20 (exc)
linux linux_kernel From 5.10.85 (inc) to 5.10.253 (exc)
linux linux_kernel From 5.15.8 (inc) to 5.15.203 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-401 The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a memory leak in the Linux kernel's USB xHCI driver, specifically in the function xhci_disable_slot().

The issue occurs because when xhci_alloc_command() allocates a command structure and a completion structure, the error handling path in xhci_disable_slot() only frees the command structure using kfree(), but does not free the associated completion structure, causing a memory leak.

The fix involves using xhci_free_command() instead of kfree(), as xhci_free_command() correctly frees both the command and completion structures.

This bug was found using an experimental static analysis tool based on the LLVM framework designed to detect memory management issues.

Impact Analysis

This memory leak vulnerability can lead to increased memory usage in the Linux kernel when the affected USB xHCI driver function is triggered under error conditions.

Over time, this could degrade system performance or stability, especially on systems with limited memory or those that frequently encounter the error conditions that trigger this leak.

However, triggering this vulnerability requires specific hardware conditions or abnormal states, making it less likely to be encountered in typical usage.

Detection Guidance

This vulnerability is a memory leak in the Linux kernel's xhci_disable_slot() function related to USB xHCI driver internals. It was found using an experimental static analysis tool based on the LLVM framework designed to detect memory management issues.

Since triggering the error paths that cause the leak requires specific hardware conditions or abnormal states, and no reliable runtime test case exists, there are no known commands or network/system detection methods available to detect this vulnerability directly.

Mitigation Strategies

The vulnerability has been resolved by replacing the incorrect kfree() call with xhci_free_command(), which properly frees all allocated structures.

Immediate mitigation steps include updating your Linux kernel to a version that contains this fix (post v6.13-rc1 or later mainline kernels where the patch is applied).

Since the issue is a memory leak triggered under specific hardware or abnormal conditions, ensuring your system is running an updated kernel is the primary and recommended mitigation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart