Skip to main content

Linux Kernel CVE-2026-43160

| EUVDEUVD-2026-27723 MEDIUM
Use of Uninitialized Resource (CWE-908)
2026-05-06 Linux GHSA-84vf-8m4p-c2c4
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 12:02 vuln.today
CVSS changed
May 13, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:27 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

mfd: macsmc: Initialize mutex

Initialize struct apple_smc's mutex in apple_smc_probe(). Using the mutex uninitialized surprisingly resulted only in occasional NULL pointer dereferences in apple_smc_read() calls from the probe() functions of sub devices.

AnalysisAI

NULL pointer dereferences in the Linux kernel's Apple SMC (System Management Controller) MFD driver expose Apple-hardware systems to local denial-of-service. The struct apple_smc mutex was never initialized in apple_smc_probe(), causing occasional crashes when sub-device probe() functions call apple_smc_read() and attempt to acquire the uninitialized lock. Only local, low-privileged users on Apple hardware running an affected kernel can trigger this condition. No public exploit code exists and no active exploitation has been reported; EPSS sits at 0.02% (4th percentile), consistent with a narrow hardware-specific attack surface.

Technical ContextAI

The Linux kernel Multi-Function Device (MFD) subsystem provides a framework for chips that expose multiple independent functions through a single bus connection. The apple_smc driver (drivers/mfd/macsmc.c) manages Apple's System Management Controller, which coordinates power, thermal, and peripheral state on Apple silicon and Intel-based Mac hardware. CWE-908 (Use of Uninitialized Resource) describes the root cause: the struct apple_smc mutex field was referenced in apple_smc_read() before apple_smc_probe() had called mutex_init() on it. On Linux, using an uninitialized mutex_t yields undefined behavior - in practice, the zeroed memory occasionally produces a NULL pointer dereference during the probe cascade of child MFD sub-devices. The affected CPE cpe:2.3:a:linux:linux encompasses kernel builds from commit e038d985c9823a12cd64fa077d0c5aca2c644b67 up to each stable-branch fix commit.

RemediationAI

Upgrade to a kernel version containing the one-line mutex_init() fix: 6.18.16 or later on the 6.18 stable branch, 6.19.6 or later on the 6.19 stable branch, or any mainline build at or after 7.0. The upstream fix commits are available at https://git.kernel.org/stable/c/a1e9e299c0d9ea42ab1067b39fb72e976d3f1bdb (mainline), https://git.kernel.org/stable/c/2d5932588f029f7787f52c29174fead9bbc6b2cf (6.18.x), and https://git.kernel.org/stable/c/414f65d6736342c77d4ec5e7373039f4a09250dd (6.19.x). As a compensating control where patching is not immediately feasible, blacklisting or removing the apple-mfd/macsmc kernel module (modprobe -r macsmc or adding 'blacklist macsmc' to /etc/modprobe.d/) prevents the vulnerable code path from executing, though this disables SMC-dependent functionality including fan control, battery management, and thermal regulation - making it unsuitable for production Apple hardware. Restricting physical and shell access to privileged accounts limits exploitation exposure until the patch can be applied.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43160 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy