Description
In the Linux kernel, the following vulnerability has been resolved:

iio: accel: adxl380: Avoid reading more entries than present in FIFO

The interrupt handler reads FIFO entries in batches of N samples, where N
is the number of scan elements that have been enabled. However, the sensor
fills the FIFO one sample at a time, even when more than one channel is
enabled. Therefore, the number of entries reported by the FIFO status
registers may not be a multiple of N; if this number is not a multiple, the
number of entries read from the FIFO may exceed the number of entries
actually present.

To fix the above issue, round down the number of FIFO entries read from the
status registers so that it is always a multiple of N.
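
A simplified model of the batch read described above, added here as an illustration and not taken from the adxl380 driver or its patch. The function names and the three-channel setup are assumptions; it compares the entries requested with and without the round-down.

```c
#include <stdio.h>

/* Constructed model of the batch drain described above; not the adxl380
 * driver's code. All names here are hypothetical. */

/* Round the entry count from the status registers down to a multiple of
 * n_scan (the number of enabled scan elements). */
static unsigned int round_down_entries(unsigned int reported, unsigned int n_scan)
{
    return n_scan ? reported - (reported % n_scan) : 0;
}

/* Drain in batches of n_scan entries. Returns how many entries were
 * requested from the FIFO; *overread gets the number requested beyond
 * what the FIFO actually held. */
static unsigned int drain(unsigned int reported, unsigned int n_scan,
                          int apply_fix, unsigned int *overread)
{
    unsigned int limit = apply_fix ? round_down_entries(reported, n_scan) : reported;
    unsigned int requested = 0;

    if (n_scan == 0) { *overread = 0; return 0; }
    for (unsigned int i = 0; i < limit; i += n_scan)
        requested += n_scan;              /* one batch read of n_scan entries */
    *overread = requested > reported ? requested - reported : 0;
    return requested;
}

int main(void)
{
    const unsigned int n_scan = 3;        /* constructed: three channels enabled */

    puts("reported  unfixed(req/over)  fixed(req/over)");
    for (unsigned int reported = 0; reported <= 7; reported++) {
        unsigned int o_bad, o_ok;
        unsigned int r_bad = drain(reported, n_scan, 0, &o_bad);
        unsigned int r_ok = drain(reported, n_scan, 1, &o_ok);
        printf("%8u  %8u/%-8u  %6u/%u\n", reported, r_bad, o_bad, r_ok, o_ok);
    }
    return 0;
}
```
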
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ADXL380 IIO driver incorrectly calculates how many entries to read from the device FIFO when multiple scan elements are enabled. Because the sensor supplies one sample at a time even with several channels active, the driver’s read count can exceed the real number of entries. If more data is fetched than exists, the driver can read invalid memory, potentially corrupting kernel buffers and triggering a crash or unstable behavior. The advisory does not describe a direct exploit, but the over‑read represents a serious kernel memory safety issue.

Affected Systems

All Linux kernel releases that contain the pre‑fixed ADXL380 driver are affected. The specific kernel versions are not listed, but any build with the driver before the commit that rounds the FIFO count to a multiple of enabled scan elements is vulnerable. Systems running that driver module without the patch are at risk.

Risk and Exploitability

The CVSS score and EPSS value are not supplied, and the vulnerability is not listed in the CISA KEV catalog. The attack vector can only be inferred as local or requiring physical access to the device: an attacker would need to trigger the sensor interrupt and cause the driver to read the FIFO. Even without a known exploit, the possibility of kernel memory corruption makes this a high‑risk issue that could lead to denial of service. The fix is to apply the kernel patch that ensures the read count is rounded down to a multiple of the enabled scan elements.

Generated by OpenCVE AI on May 9, 2026 at 04:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel release that includes the patched ADXL380 driver
  • If immediate update is not possible, disable multi‑channel scanning for the ADXL380 (set scan_elements=0) to avoid FIFO overread
  • If the device cannot be reconfigured, unload or disable the ADXL380 driver until the patch is applied

Advisories

No advisories yet.

History

Sat, 09 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-193

Sat, 09 May 2026 00:15:00 +0000


Fri, 08 May 2026 16:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-193

Fri, 08 May 2026 13:30:00 +0000

Type Values Removed Values Added
Title iio: accel: adxl380: Avoid reading more entries than present in FIFO
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T13:11:26.295Z

Reserved: 2026-05-01T14:12:56.000Z

Link: CVE-2026-43307

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:38.027

Modified: 2026-05-08T14:16:38.027

Link: CVE-2026-43307

Redhat

Severity :

Public Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43307 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T05:00:10Z

Weaknesses