CVE-2026-43340

Source
https://cve.org/CVERecord?id=CVE-2026-43340
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43340.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43340
Downstream
Published
2026-05-08T13:37:18.580Z
Modified
2026-07-15T01:49:20.907200793Z
Summary
comedi: Reinit dev->spinlock between attachments to low-level drivers
Details

In the Linux kernel, the following vulnerability has been resolved:

comedi: Reinit dev->spinlock between attachments to low-level drivers

struct comedi_device is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member spinlock containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")).

Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedinumlegacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the COMEDI_DEVCONFIG ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing dev->spinlock before calling the low-level driver's attach function pointer if CONFIG_LOCKDEP is enabled.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43340.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ed9eccbe8970f6eedc1b978c157caf1251a896d4
Fixed
3181c34b415c5464be9d34bff3e43ef63b747039
Fixed
2b1f49e4fdff3ef0f8e9158bbb5b149e06287560
Fixed
4d5ffe524903a30e2e0da7d16841a56bec2de55c
Fixed
c01bcc67a9a692d65508ebd480405b5e77d562b7
Fixed
430291d8f3884f57ae0057049b0ca291453e29e1
Fixed
b89c026227712c367950bbae055a5b31073d3b30
Fixed
83134a7a176ce5b4b19b6edecf4360e8d98d1a5a
Fixed
4b9a9a6d71e3e252032f959fb3895a33acb5865c

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43340.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.29
Fixed
5.10.253
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.203
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.168
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.134
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.81
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.22
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43340.json"