CVE-2026-43319

Source
https://cve.org/CVERecord?id=CVE-2026-43319
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43319.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43319
Published
2026-05-08T13:26:14.231Z
Modified
2026-06-18T03:55:32.723062650Z
Summary
spi: spidev: fix lock inversion between spi_lock and buf_lock
Details

In the Linux kernel, the following vulnerability has been resolved:

spi: spidev: fix lock inversion between spi_lock and buf_lock

The spidev driver previously used two mutexes, spi_lock and buf_lock, but acquired them in different orders depending on the code path:

  write()/read(): buf_lock -> spi_lock
  ioctl():        spi_lock -> buf_lock

This AB-BA locking pattern triggers lockdep warnings and can cause real deadlocks:

  WARNING: possible circular locking dependency detected
  spidev_ioctl() -> mutex_lock(&spidev->buf_lock)
  spidev_sync_write() -> mutex_lock(&spidev->spi_lock)
  *** DEADLOCK ***

The issue is reproducible with a simple userspace program that performs write() and SPI_IOC_WR_MAX_SPEED_HZ ioctl() calls from separate threads on the same spidev file descriptor.

Fix this by simplifying the locking model and removing the lock inversion entirely. spidev_sync() no longer performs any locking, and all callers serialize access using spi_lock.

buf_lock is removed since its functionality is fully covered by spi_lock, eliminating the possibility of lock ordering issues.

This removes the lock inversion and prevents deadlocks without changing userspace ABI or behaviour.
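
The AB-BA ordering described above, modeled in user space as an added example (not kernel code and not part of the CVE record): a small lock-order graph, in the spirit of lockdep, records which lock each path acquires while holding another and reports a circular dependency. The lock names come from the page; the graph type and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model (not kernel code); lock names are the page's. */
enum { SPI_LOCK, BUF_LOCK, NLOCKS };

/* order[a][b] is set once some path acquires b while holding a. */
struct lock_graph { bool order[NLOCKS][NLOCKS]; };

/* Record one code path: every lock is taken while the earlier ones are held. */
static void record_path(struct lock_graph *g, const int *locks, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            g->order[locks[i]][locks[j]] = true;
}

/* Take the transitive closure of the order; a lock that ends up before itself is a cycle. */
static bool has_inversion(const struct lock_graph *g)
{
    struct lock_graph c = *g;
    for (int k = 0; k < NLOCKS; k++)
        for (int a = 0; a < NLOCKS; a++)
            for (int b = 0; b < NLOCKS; b++)
                c.order[a][b] |= c.order[a][k] && c.order[k][b];
    for (int a = 0; a < NLOCKS; a++)
        if (c.order[a][a])
            return true;
    return false;
}

/* Build the graph for a read/write path and an ioctl path, then check it. */
static bool paths_can_deadlock(const int *rw, int nrw, const int *ioc, int nioc)
{
    struct lock_graph g = { 0 };
    record_path(&g, rw, nrw);
    record_path(&g, ioc, nioc);
    return has_inversion(&g);
}

int main(void)
{
    const int rw_old[] = { BUF_LOCK, SPI_LOCK }, ioc_old[] = { SPI_LOCK, BUF_LOCK };
    const int only_spi[] = { SPI_LOCK };   /* after the fix: one lock for all callers */
    printf("before fix: %d\n", paths_can_deadlock(rw_old, 2, ioc_old, 2));
    printf("after fix:  %d\n", paths_can_deadlock(only_spi, 1, only_spi, 1));
    return 0;
}
```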

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43319.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
a720416d94634068951773cb9e9d6f1b73769e5b
Fixed
fabfed1afe273717ea33b8aee46b767360edbb80
Fixed
f8431b8672231d378b03176fe74c95adfd3522cf
Fixed
e341e18215030af2136836b78508e0d798916df7
Fixed
41ccfac7d302968a4f32b5f7b012d066c5f5cdf8
Fixed
40534d19ed2afb880ecf202dab26a8e7a5808d16

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43319.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.142
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43319.json"