CVE-2026-43487
Description
In the Linux kernel, the following vulnerability has been resolved:
ata: libata-core: Disable LPM on ST1000DM010-2EP102
According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102 which has the same issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A bug in the Linux kernel's libata-core causes random system freezes on systems using the ST1000DM010-2EP102 hard drive due to problematic Link Power Management (LPM), fixed by disabling LPM for this drive.
Vulnerability
The vulnerability resides in the Linux kernel's libata-core module. The ST1000DM010-2EP102 hard drive, a member of the BarraCuda family, experiences random system freezes when Link Power Management (LPM) is enabled. This issue mirrors a previously known problem with the ST2000DM008-2FR102. The fix introduces a quirk to disable LPM specifically for this drive model. Affected kernel versions include all those prior to the commit that adds the quirk.
Exploitation
No active exploitation is described. The condition is triggered automatically when the system attempts to use LPM with the affected drive. An attacker does not need to perform any specific action; the freezes occur during normal operation when the drive is connected and LPM is enabled by default or configured.
Impact
The impact is denial of service: random system freezes that can render the system unusable. There is no indication of data corruption or privilege escalation. The freeze is caused by the drive's incompatibility with LPM.
Mitigation
The fix is to disable LPM for the ST1000DM010-2EP102 drive. This was implemented in a kernel commit (reference [1]). Users should update to a kernel version that includes this commit. Alternatively, users can manually disable LPM for the drive using kernel parameters or sysfs. No workaround is needed if the kernel is patched.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
4f897b72cc74db3b1d3ae1d87a4bfb1947eda87f0349beaacVulnerability mechanics
Root cause
"Missing device-specific quirk to disable Link Power Management (LPM) on the ST1000DM010-2EP102 hard drive, which causes system freezes when LPM is active."
Attack vector
An attacker does not directly trigger this vulnerability; it is a reliability defect. When the Linux kernel's libata-core enables LPM (Link Power Management) on the ST1000DM010-2EP102 drive, the drive malfunctions and causes random system freezes. The precondition is that the system has this specific drive model installed and LPM is enabled (default behavior in many configurations). The freeze occurs during normal I/O operations when the drive enters or exits a low-power link state, leading to a denial-of-service condition.
Affected code
The vulnerability is addressed in the libata-core driver, specifically in the `ata_dev_quirks[]` table which maps drive model strings to quirk flags. The patch adds an entry for "ST1000DM010-2EP102" with the `ATA_QUIRKS_LPM` flag. The same code path handles LPM negotiation for all ATA devices via the SATA link power management logic.
What the fix does
The patch adds the ST1000DM010-2EP102 model to the `ata_dev_quirks[]` table with the `ATA_QUIRKS_LPM` quirk flag [patch_id=424534]. This flag tells the kernel to disable LPM for this drive model. The fix mirrors the existing quirk for the ST2000DM008-2FR102, which belongs to the same BarraCuda family and exhibits the same LPM-related freezes. By preventing LPM negotiation with this drive, the kernel avoids the hardware condition that causes system instability.
Preconditions
- configSystem must have an ST1000DM010-2EP102 hard drive installed
- configLPM must be enabled (default in many kernel configurations)
Generated on May 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.