Skip to main content

Linux Kernel CVE-2026-43143

| EUVDEUVD-2026-27704 MEDIUM
2026-05-06 Linux GHSA-m3xp-x2x9-8qr4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 11:57 vuln.today
CVSS changed
May 13, 2026 - 18:52 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

mfd: core: Add locking around 'mfd_of_node_list'

Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfd_of_node_list' to prevent possible crashes.

AnalysisAI

Missing mutex locking around the mfd_of_node_list linked list in the Linux kernel's Multi-Function Device (MFD) core subsystem allows a local low-privileged attacker to trigger a race condition, resulting in a kernel crash and denial of service. The vulnerability spans multiple stable kernel branches from the introducing commit 466a62d7642f through patched releases in 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, and 7.0. No public exploit exists and the EPSS score of 0.02% (7th percentile) reflects negligible community exploitation interest; this is not listed in CISA KEV.

Technical ContextAI

The MFD (Multi-Function Device) subsystem in the Linux kernel (drivers/mfd/mfd-core.c) maintains a shared linked list called mfd_of_node_list to track device tree nodes across MFD device registrations and deregistrations. Linux kernel list primitives (list_add, list_del, etc.) are explicitly not thread-safe - concurrent access without a mutex guard can corrupt list pointers, leading to null pointer dereferences or use-after-free conditions that manifest as kernel panics. The fix introduces a mutex that gates every read and write access to this list. While NVD assigned no CWE, the root cause class is CWE-667 (Improper Locking) or equivalently CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization). Affected CPE is cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, confirming the scope covers mainline and all stable branches introduced after the offending commit. Downstream distributions Red Hat and SUSE are explicitly tagged as affected.

RemediationAI

The primary remediation is upgrading to a patched Linux kernel stable release: 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, or 7.0. Upstream fix commits covering each stable branch are available at https://git.kernel.org/stable/c/dcfa679bba02412f2087be21cf06ae88b1f4e0ef, https://git.kernel.org/stable/c/e2e7c275f557e2b75e3128f4818063798248774c, https://git.kernel.org/stable/c/db131ef9d8980cf60dcac8cf94c036eccf75e5d0, https://git.kernel.org/stable/c/9b02e3fec3a7fcb990b4d3bd3b13d7edf123dca6, https://git.kernel.org/stable/c/45341856ecda1d56689451abd5cf1d1aa57dbe47, and https://git.kernel.org/stable/c/20117c92bcf9c11afd64d7481d8f94fdf410726e. Red Hat and SUSE users should monitor vendor security channels for distribution-specific kernel updates. If immediate patching is not possible on systems requiring MFD hardware, restricting local user privileges to prevent module load/unload operations (e.g., via CAP_SYS_MODULE restriction or kernel lockdown mode) reduces the attack surface, though at the cost of limiting legitimate driver management. There is no configuration flag to disable the affected code path without removing MFD driver support.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43143 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy