Race condition in Linux kernel - CVE-2026-43430
Published: May 8, 2026
Vulnerability identifier: #VU130746
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-43430
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a race condition in the probe routine of the USB yurex driver. A local user can connect a crafted or timing-sensitive USB device to cause a denial of service.
How to mitigate CVE-2026-43430
Install the security update from the vendor's repository.
Sources
- https://git.kernel.org/stable/c/3cec135415a89723e2d38e1c8cc5098203355965
- https://git.kernel.org/stable/c/687d26d43a5aaf44323ce7d601cf242bb87e9559
- https://git.kernel.org/stable/c/7a875c09899ba0404844abfd8f0d54cdc481c151
- https://git.kernel.org/stable/c/939e3d17b843b0bae70467fef4481069d73c8520
- https://git.kernel.org/stable/c/a41d3d9202e951995cfac6248c565423079c71fa
- https://git.kernel.org/stable/c/a7934d7202a39c3160aa30521c382c7b744ae4a2
- https://git.kernel.org/stable/c/a8b3b3d730acea1640bc89465f2832cf06a1e13a
- https://git.kernel.org/stable/c/af83e92c329f11139d5eea2b5b7b83c26c3f67e7