Skip to main content

Linux Kernel EUVDEUVD-2026-28658

| CVE-2026-43352 HIGH
2026-05-08 Linux GHSA-qwc4-m3m3-3g83
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:27 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
7.8 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
HIGH 7.8
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue

The logic used to abort the DMA ring contains several flaws:

  1. The driver unconditionally issues a ring abort even when the ring has

already stopped.

  1. The completion used to wait for abort completion is never

re-initialized, resulting in incorrect wait behavior.

  1. The abort sequence unintentionally clears RING_CTRL_ENABLE, which

resets hardware ring pointers and disrupts the controller state.

  1. If the ring is already stopped, the abort operation should be

considered successful without attempting further action.

Fix the abort handling by checking whether the ring is running before issuing an abort, re-initializing the completion when needed, ensuring that RING_CTRL_ENABLE remains asserted during abort, and treating an already stopped ring as a successful condition.

AnalysisAI

Flawed DMA ring abort handling in the Linux kernel's MIPI I3C Host Controller Interface driver allows local authenticated attackers with low privileges to cause high-severity impacts including information disclosure, integrity violations, and denial of service. The vulnerability stems from improper abort sequence logic that disrupts controller state by unintentionally clearing hardware enable bits and resetting ring pointers. Vendor patches are available for kernel versions 6.18.19, 6.19.9, and 7.0. EPSS score of 0.02% (4th percentile) indicates low probability of mass exploitation, and no active exploitation or public POC has been identified at time of analysis.

Technical ContextAI

The vulnerability exists in the i3c/mipi-i3c-hci driver component responsible for managing MIPI I3C (Improved Inter-Integrated Circuit) Host Controller Interface DMA operations. The I3C protocol is a two-wire serial communication standard used in embedded systems and IoT devices. The flaw affects the DMA ring buffer abort mechanism during dequeue operations, specifically the RING_CTRL_ABORT handling logic. Four distinct implementation errors compound the issue: unconditional abort commands sent to already-stopped rings, uninitialized completion synchronization primitives causing race conditions, inadvertent clearing of the RING_CTRL_ENABLE bit during abort sequences (which resets hardware ring head/tail pointers and corrupts the controller's internal state machine), and missing status checks that should treat stopped rings as already-successful abort conditions. This driver component has been present since commit 9ad9a52cce2828d932ae9495181e3d6414f72c07 and affects systems utilizing MIPI I3C hardware controllers with DMA capability.

RemediationAI

Primary remediation is upgrading to patched Linux kernel versions 6.18.19, 6.19.9, 7.0 or later, or applying the specific fix commits from the kernel stable tree (https://git.kernel.org/stable/c/b795e68bf3073d67bebbb5a44d93f49efc5b8cc7, https://git.kernel.org/stable/c/003df94bcc9227e8e930abd03ac7f63ac10033dc, https://git.kernel.org/stable/c/5549611888f5ca2db5e8e692b57f30626ddf9898). For embedded systems or IoT devices where kernel updates require vendor-specific builds, contact your device manufacturer for firmware updates incorporating these patches. If immediate patching is not feasible, compensating controls include blacklisting the mipi-i3c-hci kernel module if I3C functionality is not required (using 'modprobe.blacklist=i3c_mipi_hci' kernel parameter), though this completely disables I3C device communication. Restricting local user access and implementing mandatory access controls (SELinux/AppArmor) to limit processes that can interact with I3C device nodes in /dev can reduce exploitation surface, but does not prevent kernel-level access by privileged processes. Note that disabling the driver may break functionality of I3C-dependent peripherals such as certain touchscreens, sensors, or communication interfaces in affected hardware. Official vendor advisory details are available at https://nvd.nist.gov/vuln/detail/CVE-2026-43352.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28658 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy