Skip to main content

Linux Kernel EUVDEUVD-2026-30020

| CVE-2026-43484 MEDIUM
2026-05-13 Linux GHSA-42p4-9577-4wfh
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
4.7 MEDIUM

Race condition exploitation is timing-dependent and hardware-conditional, warranting AC:H over the vendor-assigned AC:L; all other metrics retained.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 26, 2026 - 21:56 vuln.today
CVSS changed
Jun 26, 2026 - 19:37 NVD
5.5 (MEDIUM)
Patch available
May 13, 2026 - 16:33 EUVD
CVE Published
May 13, 2026 - 15:08 nvd
MEDIUM 5.5
CVE Published
May 13, 2026 - 15:08 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

mmc: core: Avoid bitfield RMW for claim/retune flags

Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts.

The host->claimed bit shared a word with retune flags. Writes to claimed in __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite other bits when concurrent updates happen in other contexts, triggering spurious WARN_ON(!host->claimed). Convert claimed, can_retune, retune_now and retune_paused to bool to remove shared-word coupling.

AnalysisAI

Concurrent bitfield RMW (Read-Modify-Write) corruption in the Linux kernel MMC core subsystem allows a local authenticated user to trigger spurious WARN_ON panics or system instability on MMC-enabled devices. The root cause is that host->claimed and retune control flags shared a single bitfield word; under concurrent access from __mmc_claim_host() and mmc_mq_queue_rq(), non-atomic RMW operations allow one thread's write to silently overwrite bits modified by another, corrupting MMC host state. No public exploit has been identified at time of analysis, and EPSS sits at 0.02% (7th percentile), reflecting the narrow, race-window-dependent trigger and low attacker leverage on commodity systems.

Technical ContextAI

The Linux kernel MMC (MultiMediaCard) subsystem, identified via CPE cpe:2.3:a:linux:linux, manages SD cards, eMMC flash, and SDIO devices. The affected code in mmc/core stores multiple control flags - claimed, can_retune, retune_now, retune_paused - packed into a shared bitfield word on the mmc_host structure. On SMP systems, bitfield operations are not inherently atomic: a RMW on one flag (e.g., retune_now in mmc_mq_queue_rq) reads the whole word, modifies one bit, and writes back, racing with a concurrent write to claimed in __mmc_claim_host(). The losing thread overwrites the other's change, producing state corruption that manifests as spurious WARN_ON(!host->claimed) assertions. No CWE was assigned by NVD, but this maps closely to CWE-362 (Concurrent Execution Using Shared Resource with Improper Synchronization) combined with non-atomic compound operations. The fix converts claimed, can_retune, retune_now, and retune_paused to individual bool variables, eliminating shared-word coupling without requiring locks for each flag update.

RemediationAI

Upgrade to a patched kernel version: Linux 7.0, 6.19.9, 6.18.19, 6.12.78, 6.6.130, 6.1.167, or 5.15.203, depending on the deployed stable branch. Upstream fix commits are available at https://git.kernel.org/stable/c/41dce4dae583a8ce06a7ebf4ce704c46a142957c (and branch-specific variants linked in the references). For systems that cannot be immediately patched, a compensating control is to unload or blacklist the MMC/mmc_core kernel module if eMMC or SD card functionality is non-essential - this eliminates the vulnerable codepath entirely but will disable all MMC-dependent storage. On embedded or IoT systems where MMC is the primary storage medium, this workaround is not viable; prioritize patching. No additional configuration changes are required alongside the kernel upgrade.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected

Share

EUVD-2026-30020 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy