Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: Fix pci_slot_trylock() error handling

Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()")
delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in
pci_slot_trylock(), but it forgets to remove the corresponding
pci_dev_unlock() when pci_bus_trylock() fails.

Before a4e772898f8b, the code did:

if (!pci_dev_trylock(dev)) /* <- lock bridge device */
goto unlock;
if (dev->subordinate) {
if (!pci_bus_trylock(dev->subordinate)) {
pci_dev_unlock(dev); /* <- unlock bridge device */
goto unlock;
}
}

After a4e772898f8b the bridge-device lock is no longer taken, but the
pci_dev_unlock(dev) on the failure path was left in place, leading to the
bug.

This yields one of two errors:

1. A warning that the lock is being unlocked when no one holds it.
2. An incorrect unlock of a lock that belongs to another thread.

Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure
path.

[Same patch later posted by Keith at
https://patch.msgid.link/20260116184150.3013258-1-kbusch@meta.com]
Published: 2026-05-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A bug in the Linux kernel’s pci_slot_trylock function left an unintended pci_dev_unlock call on the failure path after the bridge device lock was no longer acquired. When the nested pci_bus_trylock fails, the removed unlock logic triggers either a warning that a lock is being released without being held or an incorrect release of a lock that belongs to another thread. These errors are the only outcomes explicitly stated in the description and reflect the improper lock state that arises when the buggy code path is exercised.

Affected Systems

Any installation running the Linux kernel that contains the buggy pci_slot_trylock implementation is affected. The vendor list identifies Linux, and the description indicates that versions lacking the commit a4e772898f8b are vulnerable. No precise version range is provided, so all kernel releases prior to the inclusion of this fix may be impacted.

Risk and Exploitability

The CVSS score of 7.8 marks the issue as high severity. The EPSS score of less than 1% indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation would require triggering the failure path in pci_slot_trylock, which would typically involve running privileged kernel‑level code such as a malicious module or driver. No known exploits are documented; therefore the attack vector is inferred as local privileged execution, and the overall risk is judged as high severity but low probability.

Generated by OpenCVE AI on May 11, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a release that includes commit a4e772898f8b or later.
  • If a kernel upgrade cannot be applied immediately, apply a local patch that removes the pci_dev_unlock call on the failure path, as shown in the provided patch.
  • As a temporary mitigation, disable PCI hotplug or other mechanisms that trigger pci_slot_trylock if these functions are not required in your environment.

Generated by OpenCVE AI on May 11, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 07 May 2026 04:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 07 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-832
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 06 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the bridge device's pci_dev_trylock() to pci_bus_trylock() in pci_slot_trylock(), but it forgets to remove the corresponding pci_dev_unlock() when pci_bus_trylock() fails. Before a4e772898f8b, the code did: if (!pci_dev_trylock(dev)) /* <- lock bridge device */ goto unlock; if (dev->subordinate) { if (!pci_bus_trylock(dev->subordinate)) { pci_dev_unlock(dev); /* <- unlock bridge device */ goto unlock; } } After a4e772898f8b the bridge-device lock is no longer taken, but the pci_dev_unlock(dev) on the failure path was left in place, leading to the bug. This yields one of two errors: 1. A warning that the lock is being unlocked when no one holds it. 2. An incorrect unlock of a lock that belongs to another thread. Fix it by removing the now-redundant pci_dev_unlock(dev) on the failure path. [Same patch later posted by Keith at https://patch.msgid.link/20260116184150.3013258-1-kbusch@meta.com]
Title PCI: Fix pci_slot_trylock() error handling
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-23T16:06:30.831Z

Reserved: 2026-05-01T14:12:55.993Z

Link: CVE-2026-43211

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:40.527

Modified: 2026-05-11T19:58:10.490

Link: CVE-2026-43211

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43211 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T23:00:19Z

Weaknesses