SB2026050940 - Improper control of a resource through its lifetime in Linux kernel master mipi-i3c-hci driver



SB2026050940 - Improper control of a resource through its lifetime in Linux kernel master mipi-i3c-hci driver

Published: May 9, 2026

Security Bulletin ID SB2026050940
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-43352)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper state management in the DMA ring abort handling logic in the mipi-i3c-hci driver when processing DMA dequeue operations. A local user can trigger ring abort handling in an invalid ring state to cause a denial of service.

The issue can occur when the ring is already stopped, and the abort sequence may reset hardware ring pointers and disrupt controller state.


Remediation

Install update from vendor's website.