CVE-2026-43143
Description
In the Linux kernel, the following vulnerability has been resolved:
mfd: core: Add locking around 'mfd_of_node_list'
Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfd_of_node_list' to prevent possible crashes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing locking in the Linux kernel's MFD subsystem when manipulating the 'mfd_of_node_list' can lead to list corruption and system crashes.
Vulnerability
CVE-2026-43143 describes a race condition in the Linux kernel's Multi-Function Device (MFD) subsystem. The mfd_of_node_list is a kernel list that tracks device tree nodes for MFD sub-devices. The official description states that manipulating this list without mutual exclusion is unsafe, and a mutex was added to prevent possible crashes [1].
Exploitation
An attacker would need to trigger this race condition by causing concurrent access to the mfd_of_node_list from multiple kernel threads. This could occur during device probing, hotplug events, or other operations that add or remove MFD sub-devices. No special privileges are required beyond the ability to trigger such concurrent operations, which may be possible from user space through device interactions or by exploiting other kernel mechanisms.
Impact
Successful exploitation leads to list corruption, which can cause kernel memory corruption, system crashes (denial of service), or potentially other undefined behavior. The CVSS v3 base score of 5.5 (Medium) reflects an impact limited to availability (system crash); it does not include privilege escalation or data confidentiality breaches.
Mitigation
The fix has been applied to the Linux kernel stable tree via commits [1], [2], [3], and [4]. Users should update to a kernel version containing these patches. No workarounds are mentioned in the available references.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (6)
- git.kernel.org/stable/c/20117c92bcf9c11afd64d7481d8f94fdf410726e (nvd, Patch)
- git.kernel.org/stable/c/45341856ecda1d56689451abd5cf1d1aa57dbe47 (nvd, Patch)
- git.kernel.org/stable/c/9b02e3fec3a7fcb990b4d3bd3b13d7edf123dca6 (nvd, Patch)
- git.kernel.org/stable/c/db131ef9d8980cf60dcac8cf94c036eccf75e5d0 (nvd, Patch)
- git.kernel.org/stable/c/dcfa679bba02412f2087be21cf06ae88b1f4e0ef (nvd, Patch)
- git.kernel.org/stable/c/e2e7c275f557e2b75e3128f4818063798248774c (nvd, Patch)