PatchSiren cyber security CVE debrief
CVE-2026-43487 Linux CVE debrief
CVE-2026-43487 is a Linux kernel stability issue in libata-core affecting a specific Seagate BarraCuda drive model. According to the CVE description, the ST1000DM010-2EP102 can experience random system freezes when Link Power Management (LPM) is enabled, and the kernel fix disables LPM for that model. The description also notes the drive is in the same BarraCuda family as ST2000DM008-2FR102, which had the same issue.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2026-05-13
- Advisory updated
- 2026-05-13
Who should care
Linux administrators, desktop users, and OEM/support teams with systems using Seagate ST1000DM010-2EP102 drives. The issue is especially relevant where unexpected freezes or hangs are being observed and the affected model is present in production or fielded systems.
Technical summary
The supplied record describes a kernel-side compatibility/workaround change in libata-core: LPM is disabled for the ST1000DM010-2EP102 because user reports linked that drive model to random freezes. The record does not describe a remote attack path, data corruption, privilege escalation, or a broader kernel subsystem flaw; it is a targeted mitigation for a specific hardware/firmware interaction. NVD lists kernel.org stable references for the fix, but the supplied corpus does not include the commit text.
Defensive priority
Moderate overall; high priority for systems that match the affected disk model because the impact is operational instability rather than security compromise.
Recommended defensive actions
- Inventory systems for Seagate ST1000DM010-2EP102 drives and confirm whether they are running kernel versions that include the libata-core fix.
- If matching hardware is present and unexplained freezes are occurring, prioritize kernel updates that include the referenced stable fix.
- Track related BarraCuda-family systems for similar storage stability symptoms, especially if they share the same model line noted in the CVE description.
- Validate any vendor or distribution kernel backport status before scheduling maintenance, since the supplied record references stable kernel fixes but does not identify a single upstream release threshold.
Evidence notes
The CVE description states: 'Disable LPM on ST1000DM010-2EP102' and attributes the change to user reports of random system freezes. It also states the drive is in the same BarraCuda family as ST2000DM008-2FR102, which has the same issue. The supplied NVD metadata includes four kernel.org stable references, but no commit contents were provided in the corpus. The CVE was published and modified on 2026-05-13T16:16:51.997Z; no KEV data is present in the supplied timeline.
Official resources
-
CVE-2026-43487 CVE record
CVE.org
-
CVE-2026-43487 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Publicly disclosed in the CVE record on 2026-05-13T16:16:51.997Z. The supplied data shows no KEV listing and no additional exploitation context.