High severity7.8NVD Advisory· Published May 6, 2026· Updated May 12, 2026
CVE-2026-43138
CVE-2026-43138
Description
In the Linux kernel, the following vulnerability has been resolved:
reset: gpio: suppress bind attributes in sysfs
This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consumer. Suppress sysfs bind attributes so that user-space can't unbind the device because - as of now - it will cause a use-after-free splat from any user that puts the reset control handle.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.