1. Home
  2. Vulnerabilities
  3. CVE-2026-43007
0.0
NA
CVE-2026-43007
accel/qaic: Handle DBC deactivation if the owner went away
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_deactivate() to release the resources allocated for that DBC. Since that handling is done in the qaic_manage_ioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang. As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions that are received after the user has gone away.

Details
INFO

Published Date :

May 1, 2026, 3:16 p.m.

Last Modified :

May 1, 2026, 3:24 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-43007 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Handle deactivation transactions after user disconnects to prevent resource leaks and hangs.
  • Implement handling for deactivation transactions after user disconnects.
  • Ensure DBC resources are freed promptly.
  • Test for indefinite waits during DBC activation.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-43007.

URL Resource
https://git.kernel.org/stable/c/08021f2d4a557d6491e3bcc288e96425f50aa3cf
https://git.kernel.org/stable/c/2dd67966f39a2abf8ccb4865031c722e40e01b7f
https://git.kernel.org/stable/c/2feec5ae5df785658924ab6bd91280dc3926507c
https://git.kernel.org/stable/c/ee0180e77e6c8482644569632065411de844c515
https://git.kernel.org/stable/c/f403094d9075d7c565a3d81002b781c325cb3c07
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-43007 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-43007 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-43007 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-43007 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    May. 01, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle DBC deactivation if the owner went away When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles this by calling decode_deactivate() to release the resources allocated for that DBC. Since that handling is done in the qaic_manage_ioctl() context, if the user goes away before receiving and handling the deactivation, the host will be out-of-sync with the DBCs available for use, and the DBC resources will not be freed unless the device is removed. If another user loads and requests to activate a network, then the device assigns the same DBC to that network, QAIC will "indefinitely" wait for dbc->in_use = false, leading the user process to hang. As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions that are received after the user has gone away.
    Added Reference https://git.kernel.org/stable/c/08021f2d4a557d6491e3bcc288e96425f50aa3cf
    Added Reference https://git.kernel.org/stable/c/2dd67966f39a2abf8ccb4865031c722e40e01b7f
    Added Reference https://git.kernel.org/stable/c/2feec5ae5df785658924ab6bd91280dc3926507c
    Added Reference https://git.kernel.org/stable/c/ee0180e77e6c8482644569632065411de844c515
    Added Reference https://git.kernel.org/stable/c/f403094d9075d7c565a3d81002b781c325cb3c07
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.