Race Condition in Linux Kernel Affecting MCTP Functionality
CVE-2026-43455

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 May 2026

What is CVE-2026-43455?

A race condition vulnerability exists in the Linux kernel's MCTP implementation. The issue arises from inadequate serialization of access to the 'key->dev' variable, leading to potential resource leaks. Specifically, the function mctp_flow_prepare_output() fails to hold the appropriate lock when checking for 'key->dev'. This allows concurrent threads to modify 'key->dev' without proper synchronization, resulting in inconsistencies and incorrect handling of device references. The flaw can potentially lead to lost references, making it crucial for users to apply the relevant patches to ensure system stability and security.

Affected Version(s)

Linux 67737c457281dd199ceb9e31b6ba7efd3bfe566d < 47893166bc5611ee9a20de6b8d2933b2320fb772

Linux 67737c457281dd199ceb9e31b6ba7efd3bfe566d < 86f5334fcb48a5b611c33364ab52ca684d0f6d91

Linux 67737c457281dd199ceb9e31b6ba7efd3bfe566d < 0695712f3a6f1a48915f95767cfb42077683dcdc

References

https://git.kernel.org/stable/c/47893166bc5611ee9a20de6b8...

https://git.kernel.org/stable/c/86f5334fcb48a5b611c33364a...

https://git.kernel.org/stable/c/0695712f3a6f1a48915f95767...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43455 Data

JSON