目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2026-43340— Linux kernel 安全漏洞

AI Predicted 3.3 Difficulty: Moderate EPSS 0.11% · P2

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 18

ベンダープロダクトVersion Rangeステータス
LinuxLinuxed9eccbe8970f6eedc1b978c157caf1251a896d4< 3181c34b415c5464be9d34bff3e43ef63b747039affected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< 2b1f49e4fdff3ef0f8e9158bbb5b149e06287560affected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< 4d5ffe524903a30e2e0da7d16841a56bec2de55caffected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< c01bcc67a9a692d65508ebd480405b5e77d562b7affected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< 430291d8f3884f57ae0057049b0ca291453e29e1affected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< b89c026227712c367950bbae055a5b31073d3b30affected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< 83134a7a176ce5b4b19b6edecf4360e8d98d1a5aaffected
ed9eccbe8970f6eedc1b978c157caf1251a896d4< 4b9a9a6d71e3e252032f959fb3895a33acb5865caffected
… +10 more rows
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2026-43340の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
comedi: Reinit dev->spinlock between attachments to low-level drivers
ソース: NVD (National Vulnerability Database)
脆弱性説明
In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member `spinlock` containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")). Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the `COMEDI_DEVCONFIG` ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing `dev->spinlock` before calling the low-level driver's `attach` function pointer if `CONFIG_LOCKDEP` is enabled.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Linux kernel 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于COMEDI设备在重新附加不同底层驱动时未重新初始化dev->spinlock,可能导致锁状态不一致。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
LinuxLinux ed9eccbe8970f6eedc1b978c157caf1251a896d4 ~ 3181c34b415c5464be9d34bff3e43ef63b747039 -
LinuxLinux 2.6.29 -

II. CVE-2026-43340の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2026-43340のインテリジェンス情報

登录查看更多情报信息。

CVE-2026-43340 补丁与修复 (8)

Same Patch Batch · Linux · 2026-05-08 · 197 CVEs total

CVE-2026-434149.8 CRITICALscsi: qla2xxx: Completely fix fcport double free
CVE-2026-433419.8 CRITICALnet/ipv6: ioam6: prevent schema length wraparound in trace fill
CVE-2026-434029.8 CRITICALkthread: consolidate kthread exit paths to prevent use-after-free
CVE-2026-433849.8 CRITICALnet/tcp-ao: Fix MAC comparison to be constant-time
CVE-2026-433049.8 CRITICALlibceph: define and enforce CEPH_MAX_KEY_LEN
CVE-2026-433799.8 CRITICALksmbd: fix use-after-free in smb_lazy_parent_lease_break_close()
CVE-2026-433769.8 CRITICALksmbd: fix use-after-free by using call_rcu() for oplock_info
CVE-2026-434659.8 CRITICALnet/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ
CVE-2026-433789.8 CRITICALsmb: server: fix use-after-free in smb2_open()
CVE-2026-433839.4 CRITICALnet/tcp-md5: Fix MAC comparison to be constant-time
CVE-2026-434079.1 CRITICALlibceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
CVE-2026-434069.1 CRITICALlibceph: prevent potential out-of-bounds reads in process_message_header()
CVE-2026-432848.8 HIGHxfrm: esp: avoid in-place decrypt on shared skb frags
CVE-2026-433228.8 HIGHBluetooth: hci_sync: Fix UAF in le_read_features_complete
CVE-2026-433348.8 HIGHBluetooth: SMP: force responder MITM requirements before building the pairing response
CVE-2026-434038.8 HIGHnsfs: tighten permission checks for ns iteration ioctls
CVE-2026-433918.8 HIGHnsfs: tighten permission checks for handle opening
CVE-2026-432918.3 HIGHnet: nfc: nci: Fix parameter validation for packet data
CVE-2026-434528.2 HIGHnetfilter: x_tables: guard option walkers against 1-byte tail reads
CVE-2026-434668.2 HIGHnet/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery

Showing 20 of 197 CVEs. View all on vendor page →

IV. 関連脆弱性

V. CVE-2026-43340へのコメント

まだコメントはありません


コメントを残す