PatchSiren cyber security CVE debrief

CVE-2026-43343 Linux CVE debrief

CVE-2026-43343 is a Linux kernel USB gadget bug in the f_subset function driver (the CDC Subset Ethernet gadget function): geth_alloc() takes a reference on the function instance, but geth_free() never dropped it. According to the supplied record, this left teardown unbalanced and blocked configuration of the instance's attributes via configfs once the function had been unlinked from its configuration. The fix adds the missing reference-count decrement to geth_free(), so that teardown balances the allocation and the instance can be reconfigured after unlinking.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-08
Original CVE updated
2026-05-18
Advisory published
2026-05-08
Advisory updated
2026-05-18

Who should care

Linux kernel maintainers, distro kernel teams, embedded Linux vendors, and operators who run USB gadget mode with configfs-managed gadget functions should review this fix. Systems that never bind the f_subset function are not exposed: the leaked reference is taken and lost inside that driver's own instance lifecycle, so no other gadget function path reaches it.

Technical summary

The issue is a kernel-side lifecycle bug in the USB gadget CDC Subset Ethernet function driver (usb: gadget: f_subset). geth_alloc() takes a reference on the function instance, but geth_free() failed to release it, so the instance's reference count stays elevated after the function is torn down. The visible consequence in the source description is that configfs attribute writes for that instance stop working after the function is unlinked from its configuration: the instance still looks in use, so its attributes are rejected. NVD lists the weakness as NVD-CWE-Other and scores the issue CVSS 3.1 as AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (5.5, Medium), indicating a local, low-privileged attacker, no confidentiality or integrity impact, and a high availability impact.
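The following C program is an added model of the reference-count mechanism described above; it is not code from the kernel or from the page's source record. It keeps the kernel's names (geth_alloc, geth_free, opts->refcnt) but replaces the kernel structures, locking and configfs plumbing with minimal user-space stand-ins, and it assumes, as the configfs Ethernet function attribute stores do in mainline, that an attribute write is refused with -EBUSY while the instance's refcnt is non-zero. Running the link/unlink/reconfigure sequence against both the leaking and the corrected teardown shows why attribute writes fail only in the buggy case.

```c
/* Added illustration of the f_subset instance refcount bug and its fix.
 * Not kernel code: structs, locking and the configfs store are simplified
 * stand-ins; only the shape of the alloc/free/refcnt interaction is kept. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Stand-in for struct f_gether_opts: the per-instance options object that
 * configfs attribute stores consult before allowing a change. */
struct f_gether_opts {
    int refcnt;          /* live usb_function objects bound to this instance */
    char host_addr[18];  /* e.g. "02:00:00:00:00:01" */
};

/* Stand-in for struct f_gether, the usb_function allocated per binding. */
struct f_gether {
    struct f_gether_opts *opts;
};

/* Modelled on geth_alloc(): each allocation takes a reference on the instance. */
static struct f_gether *geth_alloc(struct f_gether_opts *opts)
{
    struct f_gether *geth = calloc(1, sizeof(*geth));
    if (!geth)
        return NULL;
    geth->opts = opts;
    opts->refcnt++;
    return geth;
}

/* Buggy teardown: frees the function object but leaks the reference. */
static void geth_free_buggy(struct f_gether *geth)
{
    free(geth);
}

/* Fixed teardown: drop the reference taken in geth_alloc() before freeing. */
static void geth_free_fixed(struct f_gether *geth)
{
    geth->opts->refcnt--;
    free(geth);
}

/* Stand-in for a configfs attribute store (like host_addr_store): assumed to
 * refuse changes while any function still holds the instance. */
static int host_addr_store(struct f_gether_opts *opts, const char *addr)
{
    if (opts->refcnt)
        return -EBUSY;
    if (strlen(addr) >= sizeof(opts->host_addr))
        return -EINVAL;
    strcpy(opts->host_addr, addr);
    return 0;
}

/* Link (alloc), unlink (free), then try to reconfigure the instance.
 * Returns the errno-style result of the post-unlink attribute store. */
static int link_unlink_then_configure(void (*free_fn)(struct f_gether *))
{
    struct f_gether_opts opts = { .refcnt = 0, .host_addr = "" };
    struct f_gether *geth = geth_alloc(&opts);  /* link: function bound to a config */
    if (!geth)
        return -ENOMEM;
    free_fn(geth);                              /* unlink: function torn down */
    return host_addr_store(&opts, "02:00:00:00:00:01");
}

/* Same sequence, but report the reference count left behind after teardown. */
static int refcnt_after_teardown(void (*free_fn)(struct f_gether *))
{
    struct f_gether_opts opts = { .refcnt = 0, .host_addr = "" };
    struct f_gether *geth = geth_alloc(&opts);
    if (!geth)
        return -ENOMEM;
    free_fn(geth);
    return opts.refcnt;
}

int main(void)
{
    printf("buggy geth_free: refcnt after teardown = %d, post-unlink store -> %d (EBUSY is %d)\n",
           refcnt_after_teardown(geth_free_buggy),
           link_unlink_then_configure(geth_free_buggy), -EBUSY);
    printf("fixed geth_free: refcnt after teardown = %d, post-unlink store -> %d\n",
           refcnt_after_teardown(geth_free_fixed),
           link_unlink_then_configure(geth_free_fixed));
    return 0;
}
```

Each link/unlink cycle through the buggy teardown leaves one extra reference on the instance, so the count never returns to zero and every later attribute write is refused; the corrected teardown returns the count to zero and the write succeeds.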

Defensive priority

Medium. The record describes a configuration failure after unlink, and the CVSS vector carries availability impact only (C:N/I:N/A:H), so treat this as a loss of gadget reconfigurability rather than a memory-safety issue. Prioritize if you ship kernels for systems that use USB gadget features, especially where configfs is used to manage gadget functions. Apply the upstream/stable fixes when backports are available.

Recommended defensive actions

  • Update to a kernel release that includes the f_subset geth_free refcount fix.
  • If you maintain a downstream kernel, verify the stable backport for your branch and pull the corresponding patch.
  • Review systems that rely on configfs-managed USB gadgets for attribute writes that fail after a function has been unlinked from a configuration; with the bug present the instance still appears in use, so its attributes are rejected until reboot.
  • Confirm whether your deployed kernels fall within the affected ranges listed by NVD, especially the long-term support branches and release candidates named in the record.
  • Track vendor advisories or stable kernel updates if you ship embedded or appliance images based on Linux.

Evidence notes

All claims here are based on the supplied CVE record and NVD metadata. The record states that geth_alloc() increments a reference count and geth_free() failed to decrement it, causing configfs attribute configuration problems after unlinking the function. NVD marks the vulnerability as analyzed and provides affected kernel CPE ranges that start at 3.11 and end at the fixed point release in each of the 5.10, 5.15, 6.1, 6.6, 6.12, 6.18 and 6.19 stable series, plus 7.0-rc1 through 7.0-rc6. The supplied references include multiple kernel.org stable patch links, indicating backported fixes.

Official resources

CVE published 2026-05-08 and last modified 2026-05-18. Use the published date for chronology; the later modified date reflects metadata updates.