CVE-2026-43430

MEDIUM

usb: yurex: fix race in probe

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which probing can overwrite already retrieved data.

Scores

CVSS v3 4.7
EPSS 0.0009
EPSS Percentile 0.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-362
Status published
Products (35)
linux/Kernel 2.6.37 - 5.10.253linux
linux/Kernel 5.11.0 - 5.15.203linux
linux/Kernel 5.16.0 - 6.1.167linux
linux/Kernel 6.13.0 - 6.18.19linux
linux/Kernel 6.19.0 - 6.19.9linux
linux/Kernel 6.2.0 - 6.6.130linux
linux/Kernel 6.7.0 - 6.12.78linux
Linux/Linux < 2.6.37
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 3cec135415a89723e2d38e1c8cc5098203355965
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 687d26d43a5aaf44323ce7d601cf242bb87e9559
... and 25 more
Published May 08, 2026
Tracked Since May 08, 2026