SCSI Command Handling Flaw in Linux Kernel Affects Multiple Products
CVE-2026-43054

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 1 May 2026

What is CVE-2026-43054?

A vulnerability in the Linux kernel's SCSI target component affects the tcm_loop module, specifically in the handling of reset commands. The function tcm_loop_target_reset() improperly returns success without draining in-flight commands, which violates the SCSI error handling contract. This mismanagement can lead to blocked processes and prevents proper LUN unlinking in configfs, as shown by significant task blocking messages. To resolve this, the reset function needs to properly drain outstanding commands before indicating readiness for new commands, similar to practices in other SCSI low-level drivers.

Affected Version(s)

Linux e0eb5d38b732b011cd9ed5b1bf9f59b83c2500d3 < 757c43c692294cdfad31390accc0e90429b2ef8a

Linux e0eb5d38b732b011cd9ed5b1bf9f59b83c2500d3 < 103f79e4949513247d763c6e7f3cbbf62017afdf

Linux e0eb5d38b732b011cd9ed5b1bf9f59b83c2500d3 < 15f5241d5a52364a7e7867b49128b0442dbcad9d

References

https://git.kernel.org/stable/c/757c43c692294cdfad31390ac...

https://git.kernel.org/stable/c/103f79e4949513247d763c6e7...

https://git.kernel.org/stable/c/15f5241d5a52364a7e7867b49...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 1, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43054 Data

JSON