Skip to main content

Linux Kernel CVE-2026-43353

| EUVDEUVD-2026-28659 HIGH
Race Condition (CWE-362)
2026-05-08 Linux GHSA-473v-h78r-2j73
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:27 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
HIGH 7.8
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

i3c: mipi-i3c-hci: Fix race in DMA ring dequeue

The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple transfers that timeout around the same time. However, the function is not serialized and can race with itself.

When a timeout occurs, hci_dma_dequeue_xfer() stops the ring, processes incomplete transfers, and then restarts the ring. If another timeout triggers a parallel call into the same function, the two instances may interfere with each other - stopping or restarting the ring at unexpected times.

Add a mutex so that hci_dma_dequeue_xfer() is serialized with respect to itself.

AnalysisAI

Race condition in Linux kernel I3C HCI DMA dequeue handler allows local authenticated attackers with low privileges to trigger memory corruption leading to privilege escalation, denial of service, or information disclosure. The vulnerability affects kernel versions from 5.11 onwards where the mipi-i3c-hci driver is enabled. EPSS probability is low (0.02%, 4th percentile) and no active exploitation or public POC is identified at time of analysis. Vendor patches available for stable kernel branches 6.18.19, 6.19.9, and 7.0.

Technical ContextAI

The vulnerability exists in the Linux kernel's MIPI I3C Host Controller Interface (HCI) driver, specifically in the DMA ring buffer management code. I3C is a successor bus protocol to I2C, and the HCI specification defines how host controllers interact with I3C devices. The affected function hci_dma_dequeue_xfer() handles transfer completion for DMA operations but lacks proper serialization. When multiple I3C transfers timeout simultaneously, concurrent invocations can race during critical operations like stopping the DMA ring, processing incomplete transfers, and restarting the ring. This classic time-of-check-time-of-use race condition can corrupt internal driver state, leading to memory safety violations. The fix introduces mutex-based serialization to ensure atomic execution of the dequeue path. While no specific CWE was assigned, this represents CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization / Race Condition).

RemediationAI

Update to patched Linux kernel versions: 6.18.19 or later for the 6.18 stable branch, 6.19.9 or later for the 6.19 branch, or 7.0 for mainline kernels. Patch commits are available at https://git.kernel.org/stable/c/4faa1e9c67a2229f6749190aedaf88ce0391efd2 (6.18.19), https://git.kernel.org/stable/c/b684b420a5bb0ea1b0e13abfdb8ce41c5266e62e (6.19.9), and https://git.kernel.org/stable/c/1dca8aee80eea76d2aae21265de5dd64f6ba0f09 (mainline). For systems that cannot immediately upgrade, disable the mipi-i3c-hci driver by blacklisting the kernel module (add 'blacklist i3c_hci' to /etc/modprobe.d/blacklist.conf and regenerate initramfs) if I3C functionality is not required, though this renders I3C devices non-functional. Restrict local user access and monitor for abnormal I3C subsystem errors in kernel logs (dmesg) as potential exploitation indicators. No firewall or network controls apply since this is a local kernel vulnerability. The blacklist workaround eliminates risk but breaks I3C device support, making it suitable only for non-I3C deployments. Full advisory details at https://nvd.nist.gov/vuln/detail/CVE-2026-43353.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43353 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy