HOMEVULNERABILITIESCVE-2026-43324
HIGH

CVE-2026-43324

Published: May 8, 2026· Updated: May 12, 2026

7.8
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:1.8th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

USB: dummy-hcd: Fix interrupt synchronization error

This fixes an error in synchronization in the dummy-hcd driver. The

error has a somewhat involved history. The synchronization mechanism

was introduced by commit 7dbd8f4cabd9 ("USB: dummy-hcd: Fix erroneous

synchronization change"), which added an emulated "interrupts enabled"

flag together with code emulating synchronize_irq() (it waits until

all current handler callbacks have returned).

But the emulated interrupt-disable occurred too late, after the driver

containing the handler callback routines had been told that it was

unbound and no more callbacks would occur. Commit 4a5d797a9f9c ("usb:

gadget: dummy_hcd: fix gpf in gadget_setup") tried to fix this by

moving the synchronize_irq() emulation code from dummy_stop() to

dummy_pullup(), which runs before the unbind callback.

There still were races, though, because the emulated interrupt-disable

still occurred too late. It couldn't be moved to dummy_pullup(),

because that routine can be called for reasons other than an impending

unbind. Therefore commits 7dc0c55e9f30 ("USB: UDC core: Add

udc_async_callbacks gadget op") and 04145a03db9d ("USB: UDC: Implement

udc_async_callbacks in dummy-hcd") added an API allowing the UDC core

to tell dummy-hcd exactly when emulated interrupts and their callbacks

should be disabled.

That brings us to the current state of things, which is still wrong

because the emulated synchronize_irq() occurs before the emulated

interrupt-disable! That's no good, beause it means that more emulated

interrupts can occur after the synchronize_irq() emulation has run,

leading to the possibility that a callback handler may be running when

the gadget driver is unbound.

To fix this, we have to move the synchronize_irq() emulation code yet

again, to the dummy_udc_async_callbacks() routine, which takes care of

enabling and disabling emulated interrupt requests. The

synchronization will now run immediately after emulated interrupts are

disabled, which is where it belongs.

NVD Source

Technical Analysis

CVE-2026-43324 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (7)

Quick Facts

CVE IDCVE-2026-43324
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
EPSS (30d)0.01%
PublishedMay 8, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-43324 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.