Description
In the Linux kernel, the following vulnerability has been resolved:

comedi: Reinit dev->spinlock between attachments to low-level drivers

`struct comedi_device` is the main controlling structure for a COMEDI
device created by the COMEDI subsystem. It contains a member `spinlock`
containing a spin-lock that is initialized by the COMEDI subsystem, but
is reserved for use by a low-level driver attached to the COMEDI device
(at least since commit 25436dc9d84f ("Staging: comedi: remove RT
code")).

Some COMEDI devices (those created on initialization of the COMEDI
subsystem when the "comedi.comedi_num_legacy_minors" parameter is
non-zero) can be attached to different low-level drivers over their
lifetime using the `COMEDI_DEVCONFIG` ioctl command. This can result in
inconsistent lock states being reported when there is a mismatch in the
spin-lock locking levels used by each low-level driver to which the
COMEDI device has been attached. Fix it by reinitializing
`dev->spinlock` before calling the low-level driver's `attach` function
pointer if `CONFIG_LOCKDEP` is enabled.
Published: 2026-05-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Linux kernels that include the COMEDI subsystem, the spinlock in struct comedi_device is normally initialized by COMEDI and then used by any low‑level driver attached to that device. The patch that reinitializes dev->spinlock before each attachment was added to correct a situation where a COMEDI device can be reattached to multiple low‑level drivers during its lifetime. The existing code could leave the spinlock in an inconsistent state if the new driver uses a different locking level, potentially causing race conditions or other undefined behavior. This weakness is classified as CWE‑909 (Improper Use Of Spin‑Lock).

Affected Systems

All Linux distributions that ship kernel versions built without the commit that performs the reinitialization are affected. This includes any kernel that contains the COMEDI subsystem and has the legacy minor parameter enabled, allowing a COMEDI device to be reattached via the COMEDI_DEVCONFIG ioctl. Versions prior to the fix in commit 2b1f49e4 are vulnerable; exact kernel release boundaries are not specified in the CVE record.

Risk and Exploitability

The CVSS and EPSS scores are not available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that privileged access is required to invoke the COMEDI_DEVCONFIG ioctl, which is usually restricted to users with root or equivalent capabilities. The potential impact is limited to kernel instability or denial of service in the affected context, but no publicly reported exploits exist. The risk is therefore considered moderate, focusing on a local and privileged attack vector.

Generated by OpenCVE AI on May 9, 2026 at 03:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that incorporates the commit that reinitializes the COMEDI spinlock.
  • If an upgrade is not immediately possible, cherry‑pick and apply the patch from the kernel source tree that reinitializes dev->spinlock before driver attachment.
  • If the COMEDI subsystem is not required, unload the comedi module or disable the subsystem to eliminate the vulnerable code path.

Generated by OpenCVE AI on May 9, 2026 at 03:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 09 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-872

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-909
References

Fri, 08 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-872

Fri, 08 May 2026 14:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: comedi: Reinit dev->spinlock between attachments to low-level drivers `struct comedi_device` is the main controlling structure for a COMEDI device created by the COMEDI subsystem. It contains a member `spinlock` containing a spin-lock that is initialized by the COMEDI subsystem, but is reserved for use by a low-level driver attached to the COMEDI device (at least since commit 25436dc9d84f ("Staging: comedi: remove RT code")). Some COMEDI devices (those created on initialization of the COMEDI subsystem when the "comedi.comedi_num_legacy_minors" parameter is non-zero) can be attached to different low-level drivers over their lifetime using the `COMEDI_DEVCONFIG` ioctl command. This can result in inconsistent lock states being reported when there is a mismatch in the spin-lock locking levels used by each low-level driver to which the COMEDI device has been attached. Fix it by reinitializing `dev->spinlock` before calling the low-level driver's `attach` function pointer if `CONFIG_LOCKDEP` is enabled.
Title comedi: Reinit dev->spinlock between attachments to low-level drivers
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-08T13:37:18.580Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43340

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T14:16:43.910

Modified: 2026-05-08T14:16:43.910

Link: CVE-2026-43340

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43340 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-09T04:00:14Z

Weaknesses