Main Vulnerability Database Vulnerabilities #VU131427

Improper resource shutdown or release in Linux kernel - CVE-2026-43479

Published: May 14, 2026

Vulnerability identifier: #VU131427

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-43479

CWE-ID: CWE-404

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows an attacker with physical access to cause a denial of service.

The vulnerability exists due to improper resource shutdown in the lan78xx USB network driver disconnect path when handling USB device disconnect. An attacker with physical access can disconnect a crafted USB network device to cause a denial of service.

How to mitigate CVE-2026-43479

Install security update from vendor's repository.

Sources

https://git.kernel.org/stable/c/20ce2bd1c1848414c5d3520d301ed3f5751ed634
https://git.kernel.org/stable/c/312c816c6bc30342bc30dca0d6db617ab4d3ae4e
https://git.kernel.org/stable/c/395a8b903738511f536c97c427e15ef038e1a11c

Improper resource shutdown or release in Linux kernel - CVE-2026-43479

Detailed vulnerability description

How to mitigate CVE-2026-43479

Sources

Please verify you're human