PatchSiren cyber security CVE debrief
CVE-2026-43353 Git CVE debrief
CVE-2026-43353 describes a race condition in the Linux kernel's mipi-i3c-hci DMA dequeue path. If multiple transfers time out around the same time, concurrent calls into hci_dma_dequeue_xfer() can interfere with one another while stopping, processing, and restarting the DMA ring. The result is an availability and reliability issue for systems using the affected I3C host controller interface path. The published fix serializes the dequeue routine with a mutex.
- Vendor: Git
- Product: Unknown
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-08
- Original CVE updated: 2026-05-11
- Advisory published: 2026-05-08
- Advisory updated: 2026-05-11
Who should care
Linux kernel maintainers, distro and embedded OS vendors, and operators of systems that use the mipi-i3c-hci driver or I3C hardware relying on DMA transfer timeout handling. Security teams responsible for kernel patch management should treat this as a priority if the affected driver is present in production builds.
Technical summary
The vulnerable path is hci_dma_dequeue_xfer() in the Linux kernel's I3C MIPI HCI DMA logic. The function can be entered more than once when separate transfers time out near the same time. Because the routine was not serialized, one instance could stop the ring or restart it while another instance was still processing incomplete transfers, creating an unsafe interleaving. The stated remediation is to add a mutex so the dequeue operation is serialized with respect to itself.
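To make the interleaving concrete, here is a small userspace C model of the sequence the CVE text describes (stop the ring, process the incomplete transfers, restart the ring), run twice over the same two-timeout schedule: once unserialized and once behind a mutex. It is an added illustration written for this debrief, not code from the kernel driver or from the published fix; the ring layout, phase names, scheduler, and the counters it reports are all constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace toy model of the hci_dma_dequeue_xfer() race: two timeouts enter a
 * routine that stops the DMA ring, walks the incomplete transfers it saw, and
 * restarts the ring. Structs, phases and the scheduler are constructed for
 * illustration; nothing here is the kernel driver's own code. */
#define RING_SLOTS 4
#define NO_OWNER   (-1)

enum xfer_state { XFER_EMPTY, XFER_PENDING, XFER_DEQUEUED };
enum phase { PH_STOP, PH_PROCESS, PH_RESTART, PH_DONE };

struct ring {
    bool running;                   /* DMA engine running */
    enum xfer_state slot[RING_SLOTS];
    int in_progress;                /* instances between stop and restart */
    int lock_owner;                 /* NO_OWNER when the modelled mutex is free */
    int restart_while_busy;         /* ring restarted under another instance */
    int process_while_running;      /* transfers walked while the ring ran */
    int double_dequeue;             /* same transfer taken off the ring twice */
};

/* One dequeue instance: which phase it is in and which transfers it saw at stop time. */
struct instance { int id; enum phase phase; bool planned[RING_SLOTS]; };

/* Advance one instance by one phase; returns false if it blocked on the mutex. */
static bool step(struct ring *r, struct instance *in, bool serialized)
{
    switch (in->phase) {
    case PH_STOP:
        if (serialized && r->lock_owner != NO_OWNER) return false; /* mutex_lock() sleeps */
        if (serialized) r->lock_owner = in->id;
        r->running = false;             /* stop the ring */
        r->in_progress++;
        for (int i = 0; i < RING_SLOTS; i++)
            in->planned[i] = (r->slot[i] == XFER_PENDING);
        in->phase = PH_PROCESS;
        break;
    case PH_PROCESS:
        if (r->running) r->process_while_running++;   /* ring restarted under us */
        for (int i = 0; i < RING_SLOTS; i++) {
            if (!in->planned[i]) continue;
            if (r->slot[i] == XFER_DEQUEUED) r->double_dequeue++; /* already taken */
            r->slot[i] = XFER_DEQUEUED;
        }
        in->phase = PH_RESTART;
        break;
    case PH_RESTART:
        if (--r->in_progress > 0) r->restart_while_busy++; /* other instance mid-walk */
        r->running = true;              /* restart the ring */
        if (serialized) r->lock_owner = NO_OWNER;         /* mutex_unlock() */
        in->phase = PH_DONE;
        break;
    default:
        break;
    }
    return true;
}

/* The bad interleaving: A stop, B stop, A process, A restart, B process, B restart. */
static const int bad_order[] = { 0, 1, 0, 0, 1, 1 };

/* Run the interleaving above, then let whichever instance blocked run to completion. */
static struct ring run(bool serialized)
{
    struct ring r = { .running = true, .lock_owner = NO_OWNER,
                      .slot = { XFER_PENDING, XFER_PENDING, XFER_EMPTY, XFER_EMPTY } };
    struct instance inst[2] = { { .id = 0, .phase = PH_STOP }, { .id = 1, .phase = PH_STOP } };
    for (size_t i = 0; i < sizeof bad_order / sizeof bad_order[0]; i++)
        step(&r, &inst[bad_order[i]], serialized);  /* a blocked step makes no progress */
    while (inst[0].phase != PH_DONE || inst[1].phase != PH_DONE) {
        step(&r, &inst[0], serialized);
        step(&r, &inst[1], serialized);
    }
    return r;
}

/* Unsafe interleavings observed for one run; 0 means the path behaved as if serialized. */
int unsafe_events(bool serialized)
{
    struct ring r = run(serialized);
    return r.restart_while_busy + r.process_while_running + r.double_dequeue;
}

/* Final-state check: both timed-out transfers off the ring, ring running, nobody mid-dequeue. */
bool ring_consistent(bool serialized)
{
    struct ring r = run(serialized);
    return r.running && r.in_progress == 0 &&
           r.slot[0] == XFER_DEQUEUED && r.slot[1] == XFER_DEQUEUED;
}

int main(void)
{
    printf("unserialized: %d unsafe interleavings, with mutex: %d\n",
           unsafe_events(false), unsafe_events(true));
    return 0;
}
```

With this schedule the unserialized run reports one restart while the other instance was still processing, one walk over the transfers with the ring running, and two double dequeues; the same schedule behind the mutex reports none, because the second instance does not enter until the first has restarted the ring and released the lock. Both runs nevertheless end in the same consistent-looking final state, so a check of the ring after the fact does not reveal the unsafe interleaving; in the field the symptom is intermittent misbehaviour under concurrent timeouts rather than a crisp failure.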
Defensive priority
High. The CVSS vector provided by NVD is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H: a local, low-privileged attacker with no user interaction, scored at high impact on confidentiality, integrity, and availability. The CVE description itself frames the bug as a DMA ring stop/start race, that is, primarily a reliability and availability problem, and the stored evidence contains no exploit details supporting the confidentiality and integrity ratings beyond the vector itself, so treat those ratings as a conservative assessment rather than a demonstrated outcome. Practical exposure is also limited to systems that build and use the mipi-i3c-hci driver path, so patching should be prioritized for embedded and infrastructure systems that include it.
Recommended defensive actions
- Apply the kernel fix or consume a vendor kernel build that includes the mutex serialization change for hci_dma_dequeue_xfer().
- Inventory Linux systems that build or load the mipi-i3c-hci driver (CONFIG_MIPI_I3C_HCI in kernel builds) and any I3C hardware that relies on its DMA timeout handling.
- Prioritize patching embedded devices, appliances, and appliance-like infrastructure where kernel updates are slower and I3C hardware may be present.
- Monitor for repeated DMA transfer timeouts or instability in I3C-related device I/O as part of routine validation after updating.
- Track downstream vendor advisories and stable kernel backports referenced by the official Linux kernel links for this CVE.
Evidence notes
This debrief is based on the CVE description and the official NVD metadata supplied in the corpus. The CVE text states that hci_dma_dequeue_xfer() may be invoked in parallel for timeouts, causing the DMA ring stop/start sequence to race with itself, and that the fix is to serialize the function with a mutex. NVD lists the CVSS vector as CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H and includes three kernel.org stable references associated with the record. No additional claims about affected versions, exploitability beyond the supplied vector, or patch contents were used.
Official resources
- CVE-2026-43353 CVE record (CVE.org)
- CVE-2026-43353 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Publicly disclosed in the CVE record on 2026-05-08 and modified on 2026-05-11, based on the supplied CVE and NVD metadata.