Skip to main content

Linux Kernel EUVDEUVD-2026-28663

| CVE-2026-43357 MEDIUM
2026-05-08 Linux GHSA-xp2v-4799-gxpw
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 16:07 vuln.today
CVSS changed
May 15, 2026 - 16:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

iio: gyro: mpu3050-core: fix pm_runtime error handling

The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented. Use pm_runtime_resume_and_get() which propagates errors and avoids incrementing the usage count on failure.

In preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate() failure since postdisable does not run when preenable fails.

AnalysisAI

Local denial of service in Linux kernel's MPU3050 gyroscope driver allows authenticated users with low privileges to crash the system by triggering power management failures. The mpu3050-core driver fails to validate pm_runtime_get_sync() return values, enabling hardware access when device resume fails and causing improper reference counting that leads to kernel instability. EPSS score of 0.02% indicates minimal active exploitation likelihood, and patches are available across multiple stable kernel versions (5.10.253, 5.15.203, 6.1.167, 6.6.130, 6.12.78, 6.18.19, 6.19.9, 7.0).

Technical ContextAI

This vulnerability affects the Industrial I/O (IIO) subsystem's MPU3050 gyroscope driver in the Linux kernel, specifically in mpu3050-core.c. The issue stems from improper error handling in the kernel's runtime power management (pm_runtime) framework. The driver calls pm_runtime_get_sync() to resume the device before hardware access but fails to check the return value, violating the pm_runtime API contract. When device resume fails (due to hardware errors, power issues, or firmware problems), the driver proceeds with hardware operations anyway, leading to undefined behavior. Additionally, pm_runtime_get_sync() unconditionally increments the device usage counter even on failure, causing reference count leaks. The fix replaces pm_runtime_get_sync() with pm_runtime_resume_and_get(), which properly propagates errors and avoids incrementing counters on failure. The preenable hook also adds proper cleanup (pm_runtime_put_autosuspend) when set_8khz_samplerate() fails, since postdisable callbacks don't run after preenable failures. This affects Linux kernel versions from 4.10 onward (commit 3904b28efb2c) until patched.

RemediationAI

Upgrade to patched Linux kernel versions appropriate for your deployment: 5.10.253 (LTS), 5.15.203 (LTS), 6.1.167 (LTS), 6.6.130 (stable), 6.12.78 (stable), 6.18.19 (stable), 6.19.9 (stable), or 7.0 (mainline). Patches are available from https://git.kernel.org/stable/ with specific commits listed in affected_products section. If immediate patching is not feasible, implement these compensating controls with noted limitations: Disable the mpu3050 IIO driver module (rmmod mpu3050_i2c; rmmod mpu3050_spi; blacklist in /etc/modprobe.d/) if MPU3050 gyroscope functionality is not required, which eliminates the vulnerable code path but disables motion sensing capabilities for applications depending on this hardware. Alternatively, restrict access to /dev/iio:deviceX entries via udev rules to trusted users only, limiting local attack surface but not preventing exploitation by compromised privileged processes. Apply mandatory access controls (SELinux/AppArmor policies) to prevent untrusted applications from accessing IIO subsystem devices, which adds defense-in-depth but may break legitimate sensor applications. Note that workarounds do not fix the underlying kernel bug and should be considered temporary until patching is completed. Systems without MPU3050 hardware are not affected and do not require mitigation.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-28663 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy