Security Vulnerability Report
CVE-2026-43211 CVSS 7.8 HIGH

CVE-2026-43211

Published: 2026-05-06 12:16:41
Last Modified: 2026-05-11 19:58:10
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails.

Before a4e772898f8b, the code did:

    if (!pci_dev_trylock(dev)) /* <- lock bridge device */
        goto unlock;
    if (dev->subordinate) {
        if (!pci_bus_trylock(dev->subordinate)) {
            pci_dev_unlock(dev); /* <- unlock bridge device */
            goto unlock;
        }
    }

After a4e772898f8b the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug.

This yields one of two errors:

1. A warning that the lock is being unlocked when no one holds it.
2. An incorrect unlock of a lock that belongs to another thread.

Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path.

[Same patch later posted by Keith at https://patch.msgid.link/[email protected]]
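Added example (not code from the kernel or from this page): a single-threaded user-space C model of the failure path described above, showing how the leftover unlock produces each of the two errors and how removing it leaves other holders untouched. The lock type, thread ids and function names are hypothetical stand-ins, and the model assumes the bus trylock releases everything it took before reporting failure.

```c
#include <stdio.h>

/* Toy owner-tracking lock standing in for the kernel device lock (assumption). */
enum unlock_result { UNLOCK_OK, UNLOCK_NOT_HELD, UNLOCK_FOREIGN };
struct model_lock { int held; int owner; };

static int model_trylock(struct model_lock *l, int tid)
{
    if (l->held)
        return 0;
    l->held = 1;
    l->owner = tid;
    return 1;
}

/* Releases unconditionally and reports what kind of release it was. */
static enum unlock_result model_unlock(struct model_lock *l, int tid)
{
    enum unlock_result r = !l->held ? UNLOCK_NOT_HELD
                         : l->owner != tid ? UNLOCK_FOREIGN : UNLOCK_OK;
    l->held = 0;
    return r;
}

/* Models the bus trylock after a4e772898f8b: it takes the bridge lock
 * itself and drops it again if the child lock is busy. */
static int model_bus_trylock(struct model_lock *bridge, struct model_lock *child, int tid)
{
    if (!model_trylock(bridge, tid))
        return 0;
    if (!model_trylock(child, tid)) {
        model_unlock(bridge, tid);
        return 0;
    }
    return 1;
}

/* stale_unlock=1 keeps the leftover unlock on the failure path; 0 is the fix.
 * Returns what the leftover unlock did (UNLOCK_OK if it never ran). */
static enum unlock_result slot_trylock_model(struct model_lock *bridge,
                                             struct model_lock *child, int tid, int stale_unlock)
{
    if (model_bus_trylock(bridge, child, tid)) {
        model_unlock(child, tid);
        model_unlock(bridge, tid);
        return UNLOCK_OK;
    }
    return stale_unlock ? model_unlock(bridge, tid) : UNLOCK_OK;
}

int main(void)
{
    struct model_lock bridge = {0, 0}, child = {1, 2}; /* constructed: thread 2 holds child */
    printf("child busy:  %d\n", slot_trylock_model(&bridge, &child, 1, 1));
    bridge.held = 1; bridge.owner = 2;                 /* constructed: thread 2 holds bridge */
    printf("bridge busy: %d\n", slot_trylock_model(&bridge, &child, 1, 1));
    return 0;
}
```

In the output, 1 corresponds to error 1 in the description (unlock with no holder) and 2 to error 2 (another thread's lock released).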

CVSS Details

CVSS Score
7.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel (commit a4e772898f8b and later, up to but not including the fix patch)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
c
/*
 * PoC Concept for CVE-2026-43211
 * This is a kernel module concept to trigger the pci_slot_trylock path.
 * Compile with: make -C /lib/modules/$(uname -r)/build M=$(pwd) modules
 */
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/pci.h>

static int __init poc_init(void)
{
	/*
	 * Iterate through PCI devices to find one with a subordinate bus
	 * to potentially trigger the specific code path in pci_slot_trylock.
	 * Note: Triggering the exact race condition or failure path
	 * requires specific hardware state or contention on the bus lock.
	 * This snippet demonstrates the context where the vulnerability exists.
	 * (No device is looked up here; the module only logs.)
	 */
	printk(KERN_INFO "CVE-2026-43211 PoC: Attempting to trigger pci_slot_trylock logic\n");

	/*
	 * Hypothetical trigger logic:
	 * In a real scenario, one would need to call pci_slot_trylock on a device
	 * where dev->subordinate exists and pci_bus_trylock fails.
	 */
	return 0;
}

static void __exit poc_exit(void)
{
	printk(KERN_INFO "CVE-2026-43211 PoC: Unloading module\n");
}

module_init(poc_init);
module_exit(poc_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("PoC for CVE-2026-43211");

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43211", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-06T12:16:40.527", "lastModified": "2026-05-11T19:58:10.490", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Fix pci_slot_trylock() error handling\n\nCommit a4e772898f8b (\"PCI: Add missing bridge lock to pci_bus_lock()\")\ndelegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in\npci_slot_trylock(), but it forgets to remove the corresponding\npci_dev_unlock() when pci_bus_trylock() fails.\n\nBefore a4e772898f8b, the code did:\n\n if (!pci_dev_trylock(dev)) /* <- lock bridge device */\n goto unlock;\n if (dev->subordinate) {\n if (!pci_bus_trylock(dev->subordinate)) {\n pci_dev_unlock(dev); /* <- unlock bridge device */\n goto unlock;\n }\n }\n\nAfter a4e772898f8b the bridge-device lock is no longer taken, but the\npci_dev_unlock(dev) on the failure path was left in place, leading to the\nbug.\n\nThis yields one of two errors:\n\n 1. A warning that the lock is being unlocked when no one holds it.\n 2. 
An incorrect unlock of a lock that belongs to another thread.\n\nFix it by removing the now-redundant pci_dev_unlock(dev) on the failure\npath.\n\n[Same patch later posted by Keith at\nhttps://patch.msgid.link/[email protected]]"}], "metrics": {"cvssMetricV31": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-667"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.322", "versionEndExcluding": "4.20", "matchCriteriaId": "A3FCD7A0-ABE5-49E8-A47C-F0169215C4B7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.284", "versionEndExcluding": "5.5", "matchCriteriaId": "69E2B19B-E681-4963-ABD2-D4141E9A6B64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.226", "versionEndExcluding": "5.10.252", "matchCriteriaId": "46ED7BB3-F580-4BF5-AF52-3D115F1A672E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.167", "versionEndExcluding": "5.15.202", "matchCriteriaId": "CA8574EF-E0E5-423A-A5D7-CEDCF7FDEB8C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.110", "versionEndExcluding": "6.1.165", "matchCriteriaId": "D575C1E8-668C-41F9-8A8F-30FDF5C45F1A"}, 
{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.51", "versionEndExcluding": "6.6.128", "matchCriteriaId": "E939C709-7387-4CDF-B846-AD633A16F152"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.10.10", "versionEndExcluding": "6.12.75", "matchCriteriaId": "FF19907D-B1E9-49EB-8A88-5F3EF276ADDE"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.13", "versionEndExcluding": "6.18.16", "matchCriteriaId": "B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.6", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0425aaf20b407d2f2cf3bf469808e4a35f9abb8b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/8b08ea9690b212b7bf7f12414039259cf34b1aa0", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/9368d1ee62829b08aa31836b3ca003803caf0b72", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/943ed56606a7ab2fe5a99cad572dd17d484310c7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/a19b61fdb958ffadbba85b43c991eb9fc70c1c1c", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/bd435f4b738130d732ef64e0e57e45185f77165d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.ke ... (truncated)