CVE-2026-43275
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM level is zero, the device power mode and link state both remain active. Previously, the UFS core driver bypassed flushing exception event handling jobs in this configuration. This created a race condition where the driver could attempt to access the host controller to handle an exception after the system had already entered a deep power-down state, resulting in a system crash. Explicitly flush this work and disable auto BKOPs before the suspend callback proceeds. This guarantees that pending exception tasks complete and prevents illegal hardware access during the power-down sequence.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2026-43275 NameCVE-2026-43275 DescriptionIn the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM level is zero, the device power mode and link state bothβ¦
CVE-2026-43275
| Name | CVE-2026-43275 |
| Description | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM level is zero, the device power mode and link state both remain active. Previously, the UFS core driver bypassed flushing exception event handling jobs in this configuration. This created a race condition where the driver could attempt to access the host controller to handle an exception after the system had already entered a deep power-down state, resulting in a system crash. Explicitly flush this work and disable auto BKOPs before the suspend callback proceeds. This guarantees that pending exception tasks complete and prevents illegal hardware access during the power-down sequence. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| linux (PTS) | bullseye | 5.10.223-1 | vulnerable |
| bullseye (security) | 5.10.257-1 | vulnerable | |
| bookworm | 6.1.170-3 | fixed | |
| bookworm (security) | 6.1.174-1 | fixed | |
| trixie | 6.12.86-1 | fixed | |
| trixie (security) | 6.12.90-2 | fixed | |
| forky, sid | 7.0.10-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux | source | bookworm | 6.1.170-1 | |||
| linux | source | trixie | 6.12.85-1 | |||
| linux | source | (unstable) | 6.19.6-1 |
Notes
https://git.kernel.org/linus/f8ef441811ec413717f188f63d99182f30f0f08e (7.0-rc1)
Apply commands
https://git.kernel.org/linus/f8ef441811ec413717f188f63d99182f30f0f08e (7.0-rc1)OS impact
Linux kernel Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | 5.15.202 |
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
Debian Mixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.12.85-1 |
| sid | Fixed | 6.19.6-1 |
| forky | Fixed | 6.19.6-1 |
| bullseye | Affected | β |
| bookworm | Fixed | 6.1.170-1 |
References
- https://git.kernel.org/stable/c/5d186731bc335cc049d4e57ab9f563cfab95593e
- https://git.kernel.org/stable/c/78d8e2d6352e8317686ee3a44811ac14c415a57d
- https://git.kernel.org/stable/c/aa8d68d97c7f0ef966e51afc17fdbdc372700edf
- https://git.kernel.org/stable/c/aac2fee7513dd25042a616f86a1469b4858d2c5c
- https://git.kernel.org/stable/c/ab71c146c135f9af1614ef0fc29a0a3b84f1a373
- https://git.kernel.org/stable/c/d5c3a1a13f97355c397f9439d79cb04b182958a3
- https://git.kernel.org/stable/c/f8ef441811ec413717f188f63d99182f30f0f08e
- https://www.suse.com/security/cve/CVE-2026-43275.html
- https://security-tracker.debian.org/tracker/CVE-2026-43275
CWEs
CWE-362
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.