CVE-2026-43007
Published: May 1, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_deactivate() to release the resources allocated for that DBC. Since that handling is done in the qaic_manage_ioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang. As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions that are received after the user has gone away.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 129776ac2e38231fa9c02ce20e116c99de291666 - < 2dd67966f39a2abf8ccb4865031c722e40e01b7faffected 129776ac2e38231fa9c02ce20e116c99de291666 - < 08021f2d4a557d6491e3bcc288e96425f50aa3cfaffected 129776ac2e38231fa9c02ce20e116c99de291666 - < f403094d9075d7c565a3d81002b781c325cb3c07affected 129776ac2e38231fa9c02ce20e116c99de291666 - < ee0180e77e6c8482644569632065411de844c515affected 129776ac2e38231fa9c02ce20e116c99de291666 - < 2feec5ae5df785658924ab6bd91280dc3926507c |
Linux | Linux | affected 6.4unaffected 0 - < 6.4unaffected 6.6.134 - <= 6.6.*unaffected 6.12.81 - <= 6.12.*unaffected 6.18.22 - <= 6.18.*+2 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now