VYPR
High severity7.8NVD Advisory· Published May 6, 2026· Updated May 12, 2026

CVE-2026-43138

CVE-2026-43138

Description

In the Linux kernel, the following vulnerability has been resolved:

reset: gpio: suppress bind attributes in sysfs

This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
    Range: >=6.9,<6.12.75

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.