PatchSiren cyber security CVE debrief

CVE-2026-43415 Linux CVE debrief

CVE-2026-43415 is a Linux kernel availability issue in the UFS core suspend path. The NVD record and kernel fix description indicate a race in __ufshcd_wl_suspend(): cancel_delayed_work_sync() was called too late, allowing ufshcd_rtc_work() to overlap with ufshcd_vops_suspend(). On systems without UFSHCD_CAP_CLK_GATING, that overlap can lead to ufshcd_update_rtc() running while suspend-time clock gating is in progress, which can trigger an asynchronous SError and kernel panic. NVD rates the issue 4.7 MEDIUM, and the published record was updated on 2026-05-21.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 4.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distro kernel teams, OEMs, and operators running affected kernel versions with UFS storage and suspend/resume paths enabled. This is especially relevant where availability and panic resilience matter, since the impact is a kernel crash rather than data exposure.

Technical summary

The flaw is a timing/race condition (CWE-362) in the UFS suspend flow. Per the supplied description, __ufshcd_wl_suspend() originally canceled the delayed RTC work after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). That ordering left a window where ufshcd_rtc_work() could still execute during suspend. If UFSHCD_CAP_CLK_GATING is not supported, the work path can proceed to ufshcd_update_rtc(); because suspend operations typically gate clocks, that access can cause an asynchronous SError on arm64 and panic the kernel. The supplied fix is to move cancel_delayed_work_sync() earlier so RTC work is fully completed or canceled before suspend proceeds.

Defensive priority

Medium. The published CVSS is 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H), which aligns with a local, availability-focused issue. Treat as high priority for systems that rely on UFS suspend/resume stability, because the failure mode is a kernel panic.

Recommended defensive actions

  • Apply the kernel fix or backport the referenced stable patches into affected Linux kernel builds.
  • Verify your shipped kernel version against the affected ranges listed by NVD: 6.6.81-6.6.130, 6.8-6.12.78, 6.13-6.18.19, 6.19-6.19.9, and 7.0-rc1 through 7.0-rc3.
  • Prioritize devices that use UFS storage and enter suspend/resume states, since the vulnerable path is in UFS suspend handling.
  • Confirm downstream vendor kernels include the reorder of cancel_delayed_work_sync() ahead of the UFS suspend callbacks.
  • Test suspend/resume behavior after patching to ensure the RTC work no longer overlaps suspend-time clock gating.
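The version check in the second action above can be scripted. The following POSIX shell script is an added example written for this debrief; it is not PatchSiren tooling and not part of the kernel.org patches. It takes the affected ranges exactly as listed by NVD in the bullet above, treats both ends of each range as inclusive (an assumption of this example; confirm against the NVD record for your exact version), and accepts the `uname -r` format, including an `-rcN` suffix and distro suffixes such as `-generic` or `-amd64`, which it strips before comparing. It only reports whether a version string falls inside a listed range; whether a given build carries the backported reorder of cancel_delayed_work_sync() still has to be confirmed against the vendor changelog.

```shell
#!/bin/sh
# Added example (not from the advisory or kernel.org): compare a kernel
# version string against the CVE-2026-43415 affected ranges listed by NVD.

# verkey VERSION -> "major minor patch rc" as four numbers.
# A release candidate carries its rc number; a final release gets 1000 so
# that every rc sorts before the final release of the same version.
verkey() {
    v=$1 rc=1000
    case "$v" in
        *-rc*) rc=${v##*-rc}; rc=${rc%%[!0-9]*}; v=${v%%-rc*} ;;
    esac
    v=${v%%-*}          # drop distro suffix, e.g. 6.12.78-generic
    v=${v%%+*}          # drop a "+" localversion marker
    oldifs=$IFS; IFS=.; set -- $v; IFS=$oldifs
    a=${1%%[!0-9]*}; b=${2%%[!0-9]*}; c=${3%%[!0-9]*}
    printf '%d %d %d %d\n' "${a:-0}" "${b:-0}" "${c:-0}" "${rc:-0}"
}

# vercmp A B -> prints -1, 0 or 1 (A < B, A == B, A > B).
vercmp() {
    printf '%s %s\n' "$(verkey "$1")" "$(verkey "$2")" |
        awk '{ for (i = 1; i <= 4; i++) {
                   if ($i + 0 < $(i+4) + 0) { print "-1"; exit }
                   if ($i + 0 > $(i+4) + 0) { print "1";  exit }
               }
               print "0" }'
}

# in_range V LOW HIGH -> success when LOW <= V <= HIGH (inclusive, assumed).
in_range() {
    [ "$(vercmp "$1" "$2")" -ge 0 ] && [ "$(vercmp "$1" "$3")" -le 0 ]
}

# Affected ranges as listed by NVD for CVE-2026-43415, quoted from the
# advisory text; written as LOW:HIGH pairs.
AFFECTED_RANGES="6.6.81:6.6.130 6.8:6.12.78 6.13:6.18.19 6.19:6.19.9 7.0-rc1:7.0-rc3"

# is_affected V -> success (0) and a message when V is inside a listed range,
# failure (1) otherwise. Falling outside every range does not by itself
# prove a build is fixed; it only means NVD does not list that version.
is_affected() {
    for r in $AFFECTED_RANGES; do
        if in_range "$1" "${r%%:*}" "${r##*:}"; then
            printf '%s is within listed affected range %s - %s\n' \
                "$1" "${r%%:*}" "${r##*:}"
            return 0
        fi
    done
    printf '%s is not within a listed affected range\n' "$1"
    return 1
}

# Stand-alone use: sh check.sh [version]; defaults to the running kernel.
# Exit status 0 means "listed as affected", 1 means "not listed".
main() {
    is_affected "${1:-$(uname -r)}"
}

main "$@"
```

Run it on a fleet inventory by feeding each host's `uname -r` to `is_affected`; the exit status makes it usable in a loop or a CI gate, and the rc handling means a mainline 7.0-rc2 build reported as `7.0.0-rc2` is matched correctly.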

Evidence notes

This debrief is based on the supplied CVE description and the official NVD record. The source states that moving cancel_delayed_work_sync() before ufshcd_vops_suspend() prevents ufshcd_rtc_work() from racing with suspend-time clock gating and avoids the asynchronous SError panic. NVD lists CVSS 3.1 vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, CWE-362, and the affected Linux kernel version ranges. The record was published on 2026-05-08 and modified on 2026-05-21. Five kernel.org stable patch references are included in the source corpus.

Official resources

Publicly listed by NVD on 2026-05-08 and updated on 2026-05-21. The supplied corpus includes the kernel fix references and the technical root cause description, but no vendor advisory or exploit details.