Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Flush exception handling work when RPM level is zero

Ensure that the exception event handling work is explicitly flushed during
suspend when the runtime power management level is set to UFS_PM_LVL_0.

When the RPM level is zero, the device power mode and link state both
remain active. Previously, the UFS core driver bypassed flushing exception
event handling jobs in this configuration. This created a race condition
where the driver could attempt to access the host controller to handle an
exception after the system had already entered a deep power-down state,
resulting in a system crash.

Explicitly flush this work and disable auto BKOPs before the suspend
callback proceeds. This guarantees that pending exception tasks complete
and prevents illegal hardware access during the power-down sequence.
Published: 2026-05-06
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A race condition exists in the Linux UFS core driver when the runtime power management level is set to UFS_PM_LVL_0. In this state, the driver mistakenly bypasses flushing pending exception handling jobs before the device enters a deep power‑down mode. When the system suspends, the driver may later attempt to access the host controller while the controller is in an invalid state, causing an illegal hardware access that crashes the system. The underlying weakness is a classic race condition between suspend handling and exception processing.

Affected Systems

The flaw is confined to the Linux kernel’s UFS core driver and therefore affects all Linux distributions that ship the unpatched kernel. No specific kernel version range is listed, so any release prior to the commit referenced in the advisory is potentially vulnerable.

Risk and Exploitability

Explicitly flushing work and disabling auto BKOPs before suspend guarantees that pending exception tasks complete before the host controller is de‑energized. The race condition occurs when the runtime power‑management level is zero, allowing the driver to attempt host controller access during a deep power‑down and causing a system crash. The attack vector is not explicitly stated, but based on the description it is likely local and requires influence over the device’s runtime power‑management configuration. The EPSS score is less than 1 %. The CVSS score of 4.7 indicates moderate severity. The flaw is not listed in CISA KEV. An attacker who can alter the power‑management state of a device—such as by modifying driver settings—may induce a crash, representing a denial of service.

Generated by OpenCVE AI on May 8, 2026 at 20:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the kernel to the latest stable release that incorporates the UFS driver patch.
  • Reboot the system to ensure the updated kernel module is loaded.
  • If the affected distribution cannot be upgraded immediately, disable or lower the runtime power‑management level for UFS devices to prevent the race condition until a patch is applied.

Generated by OpenCVE AI on May 8, 2026 at 20:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 08 May 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Fri, 08 May 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 08 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 06 May 2026 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM level is zero, the device power mode and link state both remain active. Previously, the UFS core driver bypassed flushing exception event handling jobs in this configuration. This created a race condition where the driver could attempt to access the host controller to handle an exception after the system had already entered a deep power-down state, resulting in a system crash. Explicitly flush this work and disable auto BKOPs before the suspend callback proceeds. This guarantees that pending exception tasks complete and prevents illegal hardware access during the power-down sequence.
Title scsi: ufs: core: Flush exception handling work when RPM level is zero
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:21:24.558Z

Reserved: 2026-05-01T14:12:55.998Z

Link: CVE-2026-43275

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:48.800

Modified: 2026-05-08T19:30:22.640

Link: CVE-2026-43275

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43275 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T21:00:10Z

Weaknesses