Skip to main content

Linux Kernel EUVDEUVD-2026-28627

| CVE-2026-43343 MEDIUM
2026-05-08 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-2h6g-jf6m-ch5q
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 18, 2026 - 12:37 vuln.today
CVSS changed
May 18, 2026 - 12:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 15:17 EUVD
CVE Published
May 08, 2026 - 14:16 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_subset: Fix unbalanced refcnt in geth_free

geth_alloc() increments the reference count, but geth_free() fails to decrement it. This prevents the configuration of attributes via configfs after unlinking the function.

Decrement the reference count in geth_free() to ensure proper cleanup.

AnalysisAI

Unbalanced reference counting in the Linux kernel USB gadget CDC Subset Ethernet driver (f_subset) causes a resource leak that denies availability of USB gadget reconfiguration. A local authenticated user can trigger the condition by allocating and freeing the geth USB gadget function, leaving the reference count permanently elevated due to a missing decrement in geth_free(). The practical impact is a denial-of-service against the configfs interface for USB gadget management - subsequent attempts to unlink and re-configure the USB function fail silently. No public exploit is identified and EPSS exploitation probability is negligible at 0.02% (7th percentile).

Technical ContextAI

The Linux kernel USB gadget framework (drivers/usb/gadget/) enables embedded systems and devices to operate as USB peripherals. The f_subset module implements the CDC Ethernet Subset (also known as 'geth'), a simplified USB networking function. USB gadget functions are managed through configfs, a RAM-based filesystem that exposes kernel objects for userspace configuration. Each function object carries a reference count governing its lifecycle: geth_alloc() correctly increments this count, but geth_free() omits the corresponding decrement. The root cause is a resource management defect - structurally analogous to CWE-911 (Improper Update of Reference Count) or CWE-459 (Incomplete Cleanup) - which prevents the kernel from reaching a refcount of zero and completing object teardown. The CPE cpe:2.3:o:linux:linux_kernel identifies the affected product as the Linux kernel across multiple stable branches, with the vulnerability traceable to the introduction of commit 02832e56f88a.

RemediationAI

Upgrade to one of the vendor-released patched kernel versions: 5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, or 7.0 stable. The upstream fixes are available as discrete commits in the stable kernel tree, referenced at https://git.kernel.org/stable/c/23e4851ce348a329d974e84e828155dda9f52122 and related commits covering all affected branches. Distribution maintainers (Debian, Ubuntu, RHEL, etc.) are expected to backport these commits into their respective kernel packages. If immediate patching is not feasible and the system does not require USB gadget CDC Ethernet Subset functionality, the f_subset kernel module can be blacklisted (add 'blacklist usb_f_subset' to /etc/modprobe.d/) to prevent the vulnerable code path from loading - this eliminates the attack surface with no side effect on systems that do not use USB peripheral networking. No advisory URL beyond the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-43343 has been identified; reference the kernel.org stable git commits directly for patch verification.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy