CVE-2026-43427
Published: May 8, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc->length update can be reordered before the memmove. If this happens, wdm_read() can see the new length and call copy_to_user() on uninitialized memory. This also violates LKMM data race rules [1]. Fix it by using WRITE_ONCE and memory barriers.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected afba937e540c902c989cd516fd97ea0c8499bb27 - < 638328ca9c17ae6511ad62198c57bae32ffa3c91affected afba937e540c902c989cd516fd97ea0c8499bb27 - < 170e8daca24da6edb4be82ab01abf44e87af387baffected afba937e540c902c989cd516fd97ea0c8499bb27 - < c8fa96ed021923dae147bcd9f9205b8df7b82360affected afba937e540c902c989cd516fd97ea0c8499bb27 - < 4ee3062bf2c9a722afef429826e8607eaf3fc6a0affected afba937e540c902c989cd516fd97ea0c8499bb27 - < 276aef0fd2b92f41b920ac891c72cadeee957934+3 more versions |
Linux | Linux | affected 2.6.26unaffected 0 - < 2.6.26unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now