Skip to main content

Linux Kernel EUVDEUVD-2026-28626

| CVE-2026-43342 MEDIUM
Race Condition (CWE-362)
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-pfm7-36qc-84v9
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 18, 2026 - 12:38 vuln.today
CVSS changed
May 18, 2026 - 12:37 NVD
4.7 (MEDIUM)
Patch available
May 08, 2026 - 15:02 EUVD
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_rndis: Protect RNDIS options with mutex

The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs.

Use existing mutex to protect these options. This issue was identified during code inspection.

AnalysisAI

Race condition in the Linux kernel's USB RNDIS gadget function driver (f_rndis) allows a local low-privileged attacker to crash the kernel by concurrently manipulating class/subclass/protocol configfs attributes without mutex protection. Identified during code inspection - not observed in active exploitation - this vulnerability affects multiple stable kernel branches from 4.14 through 7.0-rc3, with patches released across all maintained stable series. With an EPSS of 0.02% (7th percentile), no public exploit, and no CISA KEV listing, real-world risk is low but meaningful on embedded or IoT devices using Linux as a USB RNDIS peripheral.

Technical ContextAI

The Linux kernel's USB gadget subsystem enables Linux devices to act as USB peripherals. The f_rndis driver implements RNDIS (Remote Network Driver Interface Specification), commonly used to expose Ethernet-over-USB on embedded systems and development boards. The driver exposes class, subclass, and protocol configuration attributes as writable configfs entries under /sys/kernel/config/usb_gadget/. CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization) describes the root cause: concurrent configfs reads and writes to these attributes can race without holding the mutex that already exists in the driver, potentially causing kernel memory corruption or use of inconsistent state sufficient to crash the kernel. The fix applies the existing mutex to all attribute accessors. Affected CPE is cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*, spanning the range from the introducing commit (73517cf49bd449122b615d2b7a6bb835f02252e5) through the respective fix commits in each stable branch.

RemediationAI

Upgrade the Linux kernel to the appropriate patched version for your stable branch: 5.10.253 or later, 5.15.203 or later, 6.1.168 or later, 6.6.134 or later, 6.12.81 or later, 6.18.22 or later, 6.19.12 or later, or 7.0 once generally available. Patch commits are indexed at the git.kernel.org stable repository links provided in the references. For systems that do not require USB RNDIS gadget functionality, unloading or blacklisting the usb_f_rndis kernel module (via 'modprobe -r usb_f_rndis' or adding 'blacklist usb_f_rndis' to /etc/modprobe.d/blacklist.conf) eliminates the attack surface entirely with no functional impact on non-gadget systems. Additionally, restricting write access to the configfs gadget mount point (typically /sys/kernel/config/usb_gadget/) to only authorized administrative users reduces exposure for systems that must retain RNDIS functionality. Neither workaround requires a reboot, but the module unload approach will disrupt any active USB gadget sessions.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28626 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy