CVE-2026-43007

Source
https://cve.org/CVERecord?id=CVE-2026-43007
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43007.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43007
Downstream
Published
2026-05-01T14:15:14.914Z
Modified
2026-06-18T03:56:45.007135294Z
Summary
accel/qaic: Handle DBC deactivation if the owner went away
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Handle DBC deactivation if the owner went away

When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host over the QAICCONTROL MHI channel. QAIC handles this by calling decodedeactivate() to release the resources allocated for that DBC. Since that handling is done in the qaicmanageioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang.

As a solution to this, handle QAICTRANSDEACTIVATEFROMDEV transactions that are received after the user has gone away.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43007.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
129776ac2e38231fa9c02ce20e116c99de291666
Fixed
2dd67966f39a2abf8ccb4865031c722e40e01b7f
Fixed
08021f2d4a557d6491e3bcc288e96425f50aa3cf
Fixed
f403094d9075d7c565a3d81002b781c325cb3c07
Fixed
ee0180e77e6c8482644569632065411de844c515
Fixed
2feec5ae5df785658924ab6bd91280dc3926507c

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43007.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.134
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.81
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.22
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.12

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43007.json"