CVE-2026-43415

Source
https://cve.org/CVERecord?id=CVE-2026-43415
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43415.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-43415
Downstream
Published
2026-05-08T14:21:52.293Z
Modified
2026-07-15T01:49:00.423167948Z
Summary
scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix SError in ufshcdrtcwork() during UFS suspend

In __ufshcdwlsuspend(), canceldelayedworksync() is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspend(hba, pmop, POSTCHANGE). This creates a race condition where ufshcdrtcwork() can still be running while ufshcdvopssuspend() is executing. When UFSHCDCAPCLKGATING is not supported, the condition !hba->clkgating.activereqs is always true, causing ufshcdupdatertc() to be executed. Since ufshcdvopssuspend() typically performs clock gating operations, executing ufshcdupdatertc() at that moment triggers an SError. The kernel panic trace is as follows:

Kernel panic - not syncing: Asynchronous SError Interrupt Call trace: dumpbacktrace+0xec/0x128 showstack+0x18/0x28 dumpstacklvl+0x40/0xa0 dumpstack+0x18/0x24 panic+0x148/0x374 nmipanic+0x3c/0x8c arm64serrorpanic+0x64/0x8c doserror+0xc4/0xc8 el1h64errorhandler+0x34/0x4c el1h64error+0x68/0x6c el1interrupt+0x20/0x58 el1h64irqhandler+0x18/0x24 el1h64irq+0x68/0x6c ktimeget+0xc4/0x12c ufshcdmcqsqstop+0x4c/0xec ufshcdmcqsqcleanup+0x64/0x1dc ufshcdclearcmd+0x38/0x134 ufshcdissuedevcmd+0x298/0x4d0 ufshcdexecdevcmd+0x1a4/0x1c4 ufshcdqueryattr+0xbc/0x19c ufshcdrtcwork+0x10c/0x1c8 processscheduledworks+0x1c4/0x45c workerthread+0x32c/0x3e8 kthread+0x120/0x1d8 retfromfork+0x10/0x20

Fix this by moving canceldelayedworksync() before the call to ufshcdvopssuspend(hba, pmop, PRE_CHANGE), ensuring the UFS RTC work is fully completed or cancelled at that point.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43415.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
06701a545e9a3c4e007cff6872a074bf97c40619
Fixed
a6a894413b043704b77a6294c379c93b1477e48d
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6bf999e0eb41850d5c857102535d5c53b2ede224
Fixed
2fcc2fc21cae7a0cbe73053f7fc70680ce2a7f69
Fixed
b17211b512cbf0e07de27e1932428ee6c20df910
Fixed
c387a8f1d3713f6b0415ece8485042d0f134b91a
Fixed
b0bd84c39289ef6a6c3827dd52c875659291970a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6.6.81
Fixed
6.6.130

Affected versions

v6.*
v6.6.100
v6.6.101
v6.6.102
v6.6.103
v6.6.104
v6.6.105
v6.6.106
v6.6.107
v6.6.108
v6.6.109
v6.6.110
v6.6.111
v6.6.112
v6.6.113
v6.6.114
v6.6.115
v6.6.116
v6.6.117
v6.6.118
v6.6.119
v6.6.120
v6.6.121
v6.6.122
v6.6.123
v6.6.124
v6.6.125
v6.6.126
v6.6.127
v6.6.128
v6.6.129
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.6.99

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43415.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6.130
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.78
Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.18.19
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.19.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-43415.json"