CVE-2026-43430
Published: May 21, 2026Last modified: May 21, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which probing can overwrite already retrieved data.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.7 |
| Attack Vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.167-r0) |
| 25 LTS | linux-lts | Fixed (6.12.80-r0) | |
| Stream | linux-lts | Fixed (6.12.80-r0) |
References
- https://git.kernel.org/stable/c/3cec135415a89723e2d38e1c8cc5098203355965
- https://git.kernel.org/stable/c/687d26d43a5aaf44323ce7d601cf242bb87e9559
- https://git.kernel.org/stable/c/7a875c09899ba0404844abfd8f0d54cdc481c151
- https://git.kernel.org/stable/c/939e3d17b843b0bae70467fef4481069d73c8520
- https://git.kernel.org/stable/c/a41d3d9202e951995cfac6248c565423079c71fa
- https://git.kernel.org/stable/c/a7934d7202a39c3160aa30521c382c7b744ae4a2
- https://git.kernel.org/stable/c/a8b3b3d730acea1640bc89465f2832cf06a1e13a
- https://git.kernel.org/stable/c/af83e92c329f11139d5eea2b5b7b83c26c3f67e7