CVE-2026-43340
Description
In the Linux kernel, the following vulnerability has been resolved:
comedi: Reinit dev->spinlock between attachments to low-level drivers
struct comedi_device is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")).
Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the COMEDI_DEVCONFIG ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing dev->spinlock before calling the low-level driver's attach function pointer if CONFIG_LOCKDEP is enabled.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Linux kernel COMEDI device vulnerability reinitializes spinlock on reattachment, preventing inconsistent lock states.
Vulnerability
CVE-2026-43340 is a medium-severity vulnerability in the Linux kernel's COMEDI subsystem, a data acquisition device subsystem. The struct comedi_device contains a spinlock member that, since commit 25436dc9d84f, is reserved for use by the attached low-level driver. When a COMEDI device is reattached to a different low-level driver via the COMEDI_DEVCONFIG ioctl, the spinlock, the existing lock state can become inconsistent if the drivers have different locking-level expectations, potentially leading to incorrect lockdep reports [1].
Exploitation
The bug affects COMEDI devices created with the comedi.comedi_num_legacy_minors parameter. An attacker with sufficient privileges to attach low-level drivers to the same COMEDI device could trigger the inconsistency. No authentication over the network is required; local access to the COMEDI device configuration is sufficient. The fix reinitializes dev->spinlock before each low-level driver's attach callback, but only when CONFIG_LOCKDEP is enabled [2].
Impact
If not mitigated, an attacker could cause kernel locking mismatches that manifest as kernel lockdep splats or system instability. The CVSS score of 5.5 indicates a moderate availability impact with low attack complexity [3].
Mitigation
The patch has been applied in the Linux kernel stable trees. Users should update to the latest kernel version containing the fix (commit 3181c34b415c). No workaround is provided for unpatched kernels [4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/2b1f49e4fdff3ef0f8e9158bbb5b149e06287560nvdPatch
- git.kernel.org/stable/c/3181c34b415c5464be9d34bff3e43ef63b747039nvdPatch
- git.kernel.org/stable/c/430291d8f3884f57ae0057049b0ca291453e29e1nvdPatch
- git.kernel.org/stable/c/4b9a9a6d71e3e252032f959fb3895a33acb5865cnvdPatch
- git.kernel.org/stable/c/4d5ffe524903a30e2e0da7d16841a56bec2de55cnvdPatch
- git.kernel.org/stable/c/83134a7a176ce5b4b19b6edecf4360e8d98d1a5anvdPatch
- git.kernel.org/stable/c/b89c026227712c367950bbae055a5b31073d3b30nvdPatch
- git.kernel.org/stable/c/c01bcc67a9a692d65508ebd480405b5e77d562b7nvdPatch
News mentions
0No linked articles in our index yet.