CVE-2026-43484: mmc: core: Avoid bitfield RMW for claim/retune flags

[Greg Kroah-Hartman <gregkh@linuxfoundation.org>]

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

mmc: core: Avoid bitfield RMW for claim/retune flags

Move claimed and retune control flags out of the bitfield word to
avoid unrelated RMW side effects in asynchronous contexts.

The host->claimed bit shared a word with retune flags. Writes to claimed
in __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite
other bits when concurrent updates happen in other contexts, triggering
spurious WARN_ON(!host->claimed). Convert claimed, can_retune,
retune_now and retune_paused to bool to remove shared-word coupling.

The Linux kernel CVE team has assigned CVE-2026-43484 to this issue.


Affected and fixed versions
===========================

	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 5.15.203 with commit 41dce4dae583a8ce06a7ebf4ce704c46a142957c
	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.1.167 with commit bb7fc2498c3bb25fa6a91f22f4760005325cfbd5
	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.6.130 with commit 270277c2ab631044867adb1bd2f2433d3892de6e
	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.12.78 with commit 45038e03f15e992c48603fff8c6b1c9be5397ac9
	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.18.19 with commit 0e06cc511c61cff1591e5435a207759adcc76b6d
	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.19.9 with commit d3a3caf44c8ec26f5d63dc17c1c7242effa60ebc
	Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 7.0 with commit 901084c51a0a8fb42a3f37d2e9c62083c495f824

Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-43484
will be updated if fixes are backported, please check that for the most
up to date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	include/linux/mmc/host.h


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
	https://git.kernel.org/stable/c/41dce4dae583a8ce06a7ebf4ce704c46a142957c
	https://git.kernel.org/stable/c/bb7fc2498c3bb25fa6a91f22f4760005325cfbd5
	https://git.kernel.org/stable/c/270277c2ab631044867adb1bd2f2433d3892de6e
	https://git.kernel.org/stable/c/45038e03f15e992c48603fff8c6b1c9be5397ac9
	https://git.kernel.org/stable/c/0e06cc511c61cff1591e5435a207759adcc76b6d
	https://git.kernel.org/stable/c/d3a3caf44c8ec26f5d63dc17c1c7242effa60ebc
	https://git.kernel.org/stable/c/901084c51a0a8fb42a3f37d2e9c62083c495f824