PatchSiren


CVE-2026-43446 Linux CVE debrief

CVE-2026-43446 is a Linux kernel issue in accel/amdxdna where runtime suspend can deadlock if a job is still executing and calls pm_runtime_resume_and_get() while the suspend path is draining the workqueue. The fix moves the resume call into job submission so the device is resumed before the job is queued, avoiding the deadlock.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-08
Original CVE updated: 2026-05-21
Advisory published: 2026-05-08
Advisory updated: 2026-05-21

Who should care

Linux kernel maintainers, distro security teams, and operators of systems that use the AMD XDNA accelerator driver (accel/amdxdna), especially where jobs are queued under runtime power management.

Technical summary

The source description says the runtime suspend callback drains the running job workqueue before suspending the device. If an in-flight job reaches pm_runtime_resume_and_get() during that window, the runtime suspend path and the job path can deadlock. NVD classifies the issue as CVSS 3.1 5.5/MEDIUM with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H and CWE-667. The listed fix moves pm_runtime_resume_and_get() from job execution to job submission so the device is resumed before the job is queued.

Defensive priority

Medium

Recommended defensive actions

  • Apply the kernel fix referenced by the upstream stable patch links in the NVD record.
  • Prioritize updates on systems that load or use the accel/amdxdna driver.
  • Confirm whether deployed kernels match the vulnerable ranges listed by NVD: 6.19 up to but not including 6.19.9, and 7.0-rc1 through 7.0-rc3.
  • After patching, verify suspend/resume behavior under accelerator job load to ensure no hangs remain.
  • Monitor for job queue stalls or suspend-related lockups on affected hosts until remediation is complete.
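
A triage check for the version-range and driver items in the list above, as an added example rather than code from the advisory or the kernel project. The function names are hypothetical, and the module name amdxdna under /sys/module is an assumption of this example.

```shell
#!/bin/sh
# Added example: match a kernel release string against the NVD ranges quoted
# in this debrief (6.19 up to, not including, 6.19.9; 7.0-rc1 through 7.0-rc3).

# Prints "in-range" or "out-of-range" for a `uname -r` style string.
amdxdna_range_check() {
    rel=$1
    base=${rel%%-*}                      # "6.19.3-generic" -> "6.19.3"
    # Release-candidate number right after the version, e.g. "7.0.0-rc2+" -> 2
    rc=$(printf '%s\n' "$rel" | sed -n 's/^[^-]*-rc\([0-9][0-9]*\).*/\1/p')

    old_ifs=$IFS; IFS=.
    set -- $base                         # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1%%[!0-9]*}; minor=${2%%[!0-9]*}; patch=${3%%[!0-9]*}
    : "${major:=0}" "${minor:=0}" "${patch:=0}"

    if [ "$major" -eq 6 ] && [ "$minor" -eq 19 ] && [ "$patch" -lt 9 ] &&
       { [ -z "$rc" ] || [ "$patch" -gt 0 ]; }; then
        echo in-range                    # 6.19 .. 6.19.8 (6.19.0-rcN is not listed)
    elif [ "$major" -eq 7 ] && [ "$minor" -eq 0 ] && [ "$patch" -eq 0 ] &&
         [ -n "$rc" ] && [ "$rc" -ge 1 ] && [ "$rc" -le 3 ]; then
        echo in-range                    # 7.0-rc1 .. 7.0-rc3
    else
        echo out-of-range
    fi
}

# Prints "present" if the driver is registered with the running kernel.
# Assumption: the accel/amdxdna driver appears as module name "amdxdna".
# The optional argument overrides the sysfs module directory (used for testing).
amdxdna_driver_state() {
    if [ -d "${1:-/sys/module}/amdxdna" ]; then echo present; else echo absent; fi
}

# Report for the local host. Distribution kernels may carry the fix as a
# backport without changing the upstream version, so treat "in-range" as a
# prompt to check the vendor changelog, not as proof.
echo "kernel $(uname -r): $(amdxdna_range_check "$(uname -r)"), driver $(amdxdna_driver_state)"
```

Hosts that report in-range with the driver present are the ones to patch first and to watch for suspend-related stalls.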

Evidence notes

This debrief is based on the supplied CVE description, the NVD analyzed record, and the official patch references listed there. The record states that the deadlock occurs when runtime suspend drains the running job workqueue while a job calls pm_runtime_resume_and_get(), and that the fix moves the resume call earlier in the submission path. NVD also provides the CVSS vector, CWE-667 mapping, and vulnerable version criteria. No KEV entry was provided in the source corpus.

Official resources

CVE published on 2026-05-08 and last modified on 2026-05-21 in the supplied record. The source corpus does not include a KEV listing.