Linux Kernel USB Device Disconnect Vulnerability in LAN78XX Module
CVE-2026-43479

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 13 May 2026

What is CVE-2026-43479?

A vulnerability exists in the Linux kernel's handling of the LAN78XX USB device during the disconnection process. Specifically, a redundant call to netif_napi_del() in the disconnect path may trigger a warning when NAPI is still enabled, even though the call is unnecessary. The removal of this redundant call ensures that NAPI teardown is handled automatically by unregister_netdev(), thereby preventing the unnecessary warnings and improving the overall stability of USB device management.

Affected Version(s)

Linux e110bc82589752909e283ba5cbc160e0ab56c085 < 20ce2bd1c1848414c5d3520d301ed3f5751ed634

Linux e110bc82589752909e283ba5cbc160e0ab56c085 < 395a8b903738511f536c97c427e15ef038e1a11c

Linux e110bc82589752909e283ba5cbc160e0ab56c085 < 312c816c6bc30342bc30dca0d6db617ab4d3ae4e

References

https://git.kernel.org/stable/c/20ce2bd1c1848414c5d3520d3...

https://git.kernel.org/stable/c/395a8b903738511f536c97c42...

https://git.kernel.org/stable/c/312c816c6bc30342bc30dca0d...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43479 Data

JSON