CVE-2026-43340 · threatengine.sh

Home/CVE/In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to

CVE

CVE-2026-43340

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to

In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev-spinlock between attachments to low-level drivers struct comedi_device is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")). Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the COMEDI_DEVCONFIG ioctl command.

This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing dev-spinlock before calling the low-level driver's attach function pointer if CONFIG_LOCKDEP is enabled.

MEDIUM · CVSS 5.5 EPSS 0.00013

Monitor

No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence

Sigma rules0 YARA rules0

▤

Affected Products & Versions

8

linux kernel>= 2.6.29 and < 5.10.253
linux kernel>= 5.11 and < 5.15.203
linux kernel>= 5.16 and < 6.1.168
linux kernel>= 6.2 and < 6.6.134
linux kernel>= 6.7 and < 6.12.81
linux kernel>= 6.13 and < 6.18.22
linux kernel>= 6.19 and < 6.19.12
linux kernelall versions

▣

Scoring & Timeline

5.5

MEDIUM · CVSS v3.1 · 416baaa9-dc9f-4396-8d5f-8c081fb06d67

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD08 May 2026 · 02:16 PM

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

🔗

References & Sources

8

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

https://git.kernel.org/stable/c/2b1f49e4fdff3ef0f8e9158bbb5b149e06287560Patch

https://git.kernel.org/stable/c/3181c34b415c5464be9d34bff3e43ef63b747039Patch

https://git.kernel.org/stable/c/430291d8f3884f57ae0057049b0ca291453e29e1Patch

https://git.kernel.org/stable/c/4b9a9a6d71e3e252032f959fb3895a33acb5865cPatch

https://git.kernel.org/stable/c/4d5ffe524903a30e2e0da7d16841a56bec2de55cPatch

https://git.kernel.org/stable/c/83134a7a176ce5b4b19b6edecf4360e8d98d1a5aPatch

Show all 8 references

https://git.kernel.org/stable/c/b89c026227712c367950bbae055a5b31073d3b30Patch

https://git.kernel.org/stable/c/c01bcc67a9a692d65508ebd480405b5e77d562b7Patch

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin