comedi: Reinit dev->spinlock between attachments to low-level drivers

Summary

CVE: CVE-2026-43340
State: PUBLISHED
Assigner: Linux
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2026-05-08 14:16:43 UTC
Updated: 2026-05-12 14:10:27 UTC
Description: In the Linux kernel, the following vulnerability has been resolved:

comedi: Reinit dev->spinlock between attachments to low-level drivers

`struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member `spinlock` containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")).

Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the `COMEDI_DEVCONFIG` ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached.

Fix it by reinitializing `dev->spinlock` before calling the low-level driver's `attach` function pointer if `CONFIG_LOCKDEP` is enabled.

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.070360000 (date 2026-05-12)

Vendor Declared Affected Products

Source Vendor Product Version Platforms
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 3181c34b415c5464be9d34bff3e43ef63b747039 git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 2b1f49e4fdff3ef0f8e9158bbb5b149e06287560 git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 4d5ffe524903a30e2e0da7d16841a56bec2de55c git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 c01bcc67a9a692d65508ebd480405b5e77d562b7 git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 430291d8f3884f57ae0057049b0ca291453e29e1 git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 b89c026227712c367950bbae055a5b31073d3b30 git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 83134a7a176ce5b4b19b6edecf4360e8d98d1a5a git Not specified
CNA Linux Linux affected ed9eccbe8970f6eedc1b978c157caf1251a896d4 4b9a9a6d71e3e252032f959fb3895a33acb5865c git Not specified
CNA Linux Linux affected 2.6.29 Not specified
CNA Linux Linux unaffected 2.6.29 semver Not specified
CNA Linux Linux unaffected 5.10.253 5.10.* semver Not specified
CNA Linux Linux unaffected 5.15.203 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.168 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.134 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.81 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.22 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.12 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

Reference Source Link Tags
git.kernel.org/stable/c/b89c026227712c367950bbae055a5b31073d3b30 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/c01bcc67a9a692d65508ebd480405b5e77d562b7 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/3181c34b415c5464be9d34bff3e43ef63b747039 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/2b1f49e4fdff3ef0f8e9158bbb5b149e06287560 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/4b9a9a6d71e3e252032f959fb3895a33acb5865c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/83134a7a176ce5b4b19b6edecf4360e8d98d1a5a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/430291d8f3884f57ae0057049b0ca291453e29e1 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/4d5ffe524903a30e2e0da7d16841a56bec2de55c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis