Interrupt Handler Vulnerability in Linux Kernel for MCP23S08 Chip
CVE-2026-43087

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43087?

A vulnerability has been identified in the Linux kernel involving the MCP23S08 chip, where the interrupt-on-change feature can be enabled for certain pins during initialization. If a reboot occurs, this can lead to the generation of interrupts for pins lacking registered nested handlers. Consequently, this may result in a kernel crash due to an attempt to access unreadable memory. The issue originated with a kernel commit that altered the behavior of the interrupt handler, exposing the vulnerability that was previously dormant. The recommended fix involves disabling all pin interrupts during the initialization process.

Affected Version(s)

Linux f9f4fda15e720686f1b2b436591ab11255e4e85e

Linux 6.19

References

https://git.kernel.org/stable/c/f8c3258541a0680a4ebc08b05...

https://git.kernel.org/stable/c/db5b8cecbdf479ad13156af75...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43087 Data

JSON