CVE-2026-43353

HIGH

i3c: mipi-i3c-hci: Fix race in DMA ring dequeue

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple transfers that timeout around the same time. However, the function is not serialized and can race with itself. When a timeout occurs, hci_dma_dequeue_xfer() stops the ring, processes incomplete transfers, and then restarts the ring. If another timeout triggers a parallel call into the same function, the two instances may interfere with each other - stopping or restarting the ring at unexpected times. Add a mutex so that hci_dma_dequeue_xfer() is serialized with respect to itself.

References (3)

Core 3

Core References

https://git.kernel.org/stable/c/b684b420a5bb0ea1b0e13abfdb8ce41c5266e62e

https://git.kernel.org/stable/c/4faa1e9c67a2229f6749190aedaf88ce0391efd2

https://git.kernel.org/stable/c/1dca8aee80eea76d2aae21265de5dd64f6ba0f09

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (10)

Linux/Linux < 5.11

Linux/Linux 5.11

Linux/Linux 6.18.19 - 6.18.*

Linux/Linux 6.19.9 - 6.19.*

Linux/Linux 7.0

Linux/Linux 9ad9a52cce2828d932ae9495181e3d6414f72c07 - 1dca8aee80eea76d2aae21265de5dd64f6ba0f09

Linux/Linux 9ad9a52cce2828d932ae9495181e3d6414f72c07 - 4faa1e9c67a2229f6749190aedaf88ce0391efd2

Linux/Linux 9ad9a52cce2828d932ae9495181e3d6414f72c07 - b684b420a5bb0ea1b0e13abfdb8ce41c5266e62e

linux/linux_kernel 7.0 rc1 (3 CPE variants)

linux/linux_kernel 5.11 - 6.18.19

Published May 08, 2026

Tracked Since May 08, 2026