From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C57943E3157 for ; Fri, 8 May 2026 13:37:31 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778247451; cv=none; b=V+qprv6j+7X84E1xkpmoNIXZUK8C5nnUcdBoI6FGIxo3dxFObv1yvUsA3METmLK5Sdpv4BeKym0N0WsxMCxbmawoakSJzy0O1XB0A7Sc2epKN/WIFeoVNoXEgP8Z5I8L1/qnAZyT6hH4tcq/ojRt9kvxXNns7URb5Y0cU/L+Pko= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778247451; c=relaxed/simple; bh=bcp0w8JcMwldwNKe/3lWhudFdyz72uiuVQKy0FkmAMA=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=NamVab3D/k5S23sl855WFZm8tkgtPbCi0y6m2QkbKHctBLM/ARyot8+Cj/m5NFK+kDlIBGWlHZ8YJ5iXIzDpLNY9klO62x2UbATLXF8yhi9YbhrbcZNGt0tMYN3KzrcjBAXdFhpfWlS+cQHx9By6gjESe+HAmIp0ckSL1VWqYLg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=f/x9uFB1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="f/x9uFB1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 09BACC2BCB0; Fri, 8 May 2026 13:37:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1778247451; bh=bcp0w8JcMwldwNKe/3lWhudFdyz72uiuVQKy0FkmAMA=; h=From:To:Cc:Subject:Date:Reply-To:From; b=f/x9uFB1p9vWmmsZ1uhGfhXZJURZ4ZXUsPKudCHiokIuYy08wGmTk9Ag+GD0fVdL8 LauLtRI/GTWQvnjTkVCk/iM/xxuzVumX4Y/sm+sTdyzQa2TfMHSvJTjw0rwhGove/N kzducjH0Ky+qCr6wSscLIfQJHt/Yy8HK16dmzUFo= From: Greg Kroah-Hartman To: linux-cve-announce@vger.kernel.org Cc: Greg Kroah-Hartman Subject: CVE-2026-43340: comedi: Reinit dev->spinlock between attachments to low-level drivers Date: Fri, 8 May 2026 15:37:23 +0200 Message-ID: <2026050822-CVE-2026-43340-6939@gregkh> X-Mailer: git-send-email 2.54.0 Reply-To: , Precedence: bulk X-Mailing-List: linux-cve-announce@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Developer-Signature: v=1; a=openpgp-sha256; l=4130; i=gregkh@linuxfoundation.org; h=from:subject:message-id; bh=rZK3NO73szbxwRPrPfzH+ueJgFmze7yOASjdJkasvAM=; b=owGbwMvMwCRo6H6F97bub03G02pJDJl/nwvxc5wv2nMmdsLktkme3lN650bdMuauKAhnyw2yV Kv5uoSvI5aFQZCJQVZMkeXLNp6j+ysOKXoZ2p6GmcPKBDKEgYtTACaieZFhnkmI2ZHwjb13U6/f nxV86abHvrvLehjmF9s9e7Hnf/L9yhMex166dsU185WWAAA= X-Developer-Key: i=gregkh@linuxfoundation.org; a=openpgp; fpr=F4B60CC5BF78C2214A313DCB3147D40DDB2DFB29 Content-Transfer-Encoding: 8bit From: Greg Kroah-Hartman Description =========== In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member `spinlock` containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")). Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the `COMEDI_DEVCONFIG` ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing `dev->spinlock` before calling the low-level driver's `attach` function pointer if `CONFIG_LOCKDEP` is enabled. The Linux kernel CVE team has assigned CVE-2026-43340 to this issue. Affected and fixed versions =========================== Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 5.10.253 with commit 3181c34b415c5464be9d34bff3e43ef63b747039 Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 5.15.203 with commit 2b1f49e4fdff3ef0f8e9158bbb5b149e06287560 Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.1.168 with commit 4d5ffe524903a30e2e0da7d16841a56bec2de55c Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.6.134 with commit c01bcc67a9a692d65508ebd480405b5e77d562b7 Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.12.81 with commit 430291d8f3884f57ae0057049b0ca291453e29e1 Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.18.22 with commit b89c026227712c367950bbae055a5b31073d3b30 Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 6.19.12 with commit 83134a7a176ce5b4b19b6edecf4360e8d98d1a5a Issue introduced in 2.6.29 with commit ed9eccbe8970f6eedc1b978c157caf1251a896d4 and fixed in 7.0 with commit 4b9a9a6d71e3e252032f959fb3895a33acb5865c Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2026-43340 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/comedi/drivers.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/3181c34b415c5464be9d34bff3e43ef63b747039 https://git.kernel.org/stable/c/2b1f49e4fdff3ef0f8e9158bbb5b149e06287560 https://git.kernel.org/stable/c/4d5ffe524903a30e2e0da7d16841a56bec2de55c https://git.kernel.org/stable/c/c01bcc67a9a692d65508ebd480405b5e77d562b7 https://git.kernel.org/stable/c/430291d8f3884f57ae0057049b0ca291453e29e1 https://git.kernel.org/stable/c/b89c026227712c367950bbae055a5b31073d3b30 https://git.kernel.org/stable/c/83134a7a176ce5b4b19b6edecf4360e8d98d1a5a https://git.kernel.org/stable/c/4b9a9a6d71e3e252032f959fb3895a33acb5865c