* CVE-2026-43484: mmc: core: Avoid bitfield RMW for claim/retune flags
@ 2026-05-13 15:08 Greg Kroah-Hartman
0 siblings, 0 replies; only message in thread
From: Greg Kroah-Hartman @ 2026-05-13 15:08 UTC (permalink / raw)
To: linux-cve-announce; +Cc: Greg Kroah-Hartman
From: Greg Kroah-Hartman <gregkh@kernel.org>
Description
===========
In the Linux kernel, the following vulnerability has been resolved:
mmc: core: Avoid bitfield RMW for claim/retune flags
Move claimed and retune control flags out of the bitfield word to
avoid unrelated RMW side effects in asynchronous contexts.
The host->claimed bit shared a word with retune flags. Writes to claimed
in __mmc_claim_host() or retune_now in mmc_mq_queue_rq() can overwrite
other bits when concurrent updates happen in other contexts, triggering
spurious WARN_ON(!host->claimed). Convert claimed, can_retune,
retune_now and retune_paused to bool to remove shared-word coupling.
The Linux kernel CVE team has assigned CVE-2026-43484 to this issue.
Affected and fixed versions
===========================
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 5.15.203 with commit 41dce4dae583a8ce06a7ebf4ce704c46a142957c
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.1.167 with commit bb7fc2498c3bb25fa6a91f22f4760005325cfbd5
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.6.130 with commit 270277c2ab631044867adb1bd2f2433d3892de6e
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.12.78 with commit 45038e03f15e992c48603fff8c6b1c9be5397ac9
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.18.19 with commit 0e06cc511c61cff1591e5435a207759adcc76b6d
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 6.19.9 with commit d3a3caf44c8ec26f5d63dc17c1c7242effa60ebc
Issue introduced in 4.15 with commit 6c0cedd1ef9527ef13e66875746570e76a3188a7 and fixed in 7.0 with commit 901084c51a0a8fb42a3f37d2e9c62083c495f824
Please see https://www.kernel.org for a full list of currently supported
kernel versions by the kernel community.
Unaffected versions might change over time as fixes are backported to
older supported kernel versions. The official CVE entry at
https://cve.org/CVERecord/?id=CVE-2026-43484
will be updated if fixes are backported, please check that for the most
up to date information about this issue.
Affected files
==============
The file(s) affected by this issue are:
include/linux/mmc/host.h
Mitigation
==========
The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes. Individual
changes are never tested alone, but rather are part of a larger kernel
release. Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all. If however, updating to
the latest release is impossible, the individual changes to resolve this
issue can be found at these commits:
https://git.kernel.org/stable/c/41dce4dae583a8ce06a7ebf4ce704c46a142957c
https://git.kernel.org/stable/c/bb7fc2498c3bb25fa6a91f22f4760005325cfbd5
https://git.kernel.org/stable/c/270277c2ab631044867adb1bd2f2433d3892de6e
https://git.kernel.org/stable/c/45038e03f15e992c48603fff8c6b1c9be5397ac9
https://git.kernel.org/stable/c/0e06cc511c61cff1591e5435a207759adcc76b6d
https://git.kernel.org/stable/c/d3a3caf44c8ec26f5d63dc17c1c7242effa60ebc
https://git.kernel.org/stable/c/901084c51a0a8fb42a3f37d2e9c62083c495f824
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2026-05-13 15:09 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-05-13 15:08 CVE-2026-43484: mmc: core: Avoid bitfield RMW for claim/retune flags Greg Kroah-Hartman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox