CVE-2026-43340: comedi: Reinit dev->spinlock between attachments to low-level drivers

Linux kernel CVE announcements
 help / color / mirror / Atom feed

* CVE-2026-43340: comedi: Reinit dev->spinlock between attachments to low-level drivers
@ 2026-05-08 13:37 Greg Kroah-Hartman
  0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2026-05-08 13:37 UTC (permalink / raw)
  To: linux-cve-announce; +Cc: Greg Kroah-Hartman

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

comedi: Reinit dev->spinlock between attachments to low-level drivers

`struct comedi_device` is the main controlling structure for a COMEDI
device created by the COMEDI subsystem.  It contains a member `spinlock`
containing a spin-lock that is initialized by the COMEDI subsystem, but
is reserved for use by a low-level driver attached to the COMEDI device
(at least since commit 25436dc9d84f ("Staging: comedi: remove RT
code")).

Some COMEDI devices (those created on initialization of the COMEDI
subsystem when the "comedi.comedi_num_legacy_minors" parameter is
non-zero) can be attached to different low-level drivers over their
lifetime using the `COMEDI_DEVCONFIG` ioctl command.  This can result in
inconsistent lock states being reported when there is a mismatch in the
spin-lock locking levels used by each low-level driver to which the
COMEDI device has been attached.  Fix it by reinitializing
`dev->spinlock` before calling the low-level driver's `attach` function
pointer if `CONFIG_LOCKDEP` is enabled.

The Linux kernel CVE team has assigned CVE-2026-43340 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 5.10.253 with commit 3181c34b415c5464be9d34bff3e43ef63b747039
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 5.15.203 with commit 2b1f49e4fdff3ef0f8e9158bbb5b149e06287560
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.1.168 with commit 4d5ffe524903a30e2e0da7d16841a56bec2de55c
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.6.134 with commit c01bcc67a9a692d65508ebd480405b5e77d562b7
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.12.81 with commit 430291d8f3884f57ae0057049b0ca291453e29e1
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.18.22 with commit b89c026227712c367950bbae055a5b31073d3b30
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.19.12 with commit 83134a7a176ce5b4b19b6edecf4360e8d98d1a5a
	Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 7.0 with commit 4b9a9a6d71e3e252032f959fb3895a33acb5865c

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-43340
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/comedi/drivers.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/3181c34b415c5464be9d34bff3e43ef63b747039
	https://git.kernel.org/stable/c/2b1f49e4fdff3ef0f8e9158bbb5b149e06287560
	https://git.kernel.org/stable/c/4d5ffe524903a30e2e0da7d16841a56bec2de55c
	https://git.kernel.org/stable/c/c01bcc67a9a692d65508ebd480405b5e77d562b7
	https://git.kernel.org/stable/c/430291d8f3884f57ae0057049b0ca291453e29e1
	https://git.kernel.org/stable/c/b89c026227712c367950bbae055a5b31073d3b30
	https://git.kernel.org/stable/c/83134a7a176ce5b4b19b6edecf4360e8d98d1a5a
	https://git.kernel.org/stable/c/4b9a9a6d71e3e252032f959fb3895a33acb5865c

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2026-05-08 13:37 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-08 13:37 CVE-2026-43340: comedi: Reinit dev->spinlock between attachments to low-level drivers Greg Kroah-Hartman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox