usb: class: cdc-wdm: fix reordering issue in read code path

Summary

CVE	CVE-2026-43427
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-08 15:16:54 UTC
Updated	2026-05-12 14:10:27 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: usb: class: cdc-wdm: fix reordering issue in read code path Quoting the bug report: Due to compiler optimization or CPU out-of-order execution, the desc->length update can be reordered before the memmove. If this happens, wdm_read() can see the new length and call copy_to_user() on uninitialized memory. This also violates LKMM data race rules [1]. Fix it by using WRITE_ONCE and memory barriers.

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.067530000 (date 2026-05-12)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 638328ca9c17ae6511ad62198c57bae32ffa3c91 git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 170e8daca24da6edb4be82ab01abf44e87af387b git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 c8fa96ed021923dae147bcd9f9205b8df7b82360 git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 4ee3062bf2c9a722afef429826e8607eaf3fc6a0 git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 276aef0fd2b92f41b920ac891c72cadeee957934 git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 67ed312124bb1b61858778ac0b985b48961c862a git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 e3c874b05901dc519054b5107d16620e6d2b5fea git	Not specified
CNA	Linux	Linux	affected afba937e540c902c989cd516fd97ea0c8499bb27 8df672bfe3ec2268c2636584202755898e547173 git	Not specified
CNA	Linux	Linux	affected 2.6.26	Not specified
CNA	Linux	Linux	unaffected 2.6.26 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.167 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.78 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.19 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.9 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/c8fa96ed021923dae147bcd9f9205b8df7b82360	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/e3c874b05901dc519054b5107d16620e6d2b5fea	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/8df672bfe3ec2268c2636584202755898e547173	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/276aef0fd2b92f41b920ac891c72cadeee957934	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/67ed312124bb1b61858778ac0b985b48961c862a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/638328ca9c17ae6511ad62198c57bae32ffa3c91	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/170e8daca24da6edb4be82ab01abf44e87af387b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/4ee3062bf2c9a722afef429826e8607eaf3fc6a0	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.