CVE-2026-43342 - Vulnerability Details

- usb: gadget: f_rndis: Protect RNDIS options with mutex

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_rndis: Protect RNDIS options with mutex

The class/subclass/protocol options are suspectible to race conditions
as they can be accessed concurrently through configfs.

Use existing mutex to protect these options. This issue was identified
during code inspection.

Published: 2026-05-08

Score: 4.7 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel’s RNDIS gadget driver contains a race condition that allows concurrent modification of class, subclass, and protocol options via configfs. This flaw can lead to corrupted data structures or inadvertent crashes within the driver loop, potentially resulting in a local denial of service or system instability. The vulnerability arises from insufficient synchronization when accessing these options during configuration operations.

Affected Systems

All versions of the Linux kernel that expose the RNDIS gadget driver through configfs are potentially affected until the patch that introduces a mutex is applied. No specific kernel releases are listed, so the risk applies broadly to any unpatched device using the RNDIS gadget interface.

Risk and Exploitability

The flaw is a local race condition; it requires an attacker with write access to the configfs interface to trigger concurrent changes. The CVSS score of 4.7 indicates moderate severity. Given the EPSS score of < 1% and absence in CISA KEV, exploitation is unlikely but not impossible. The exploit would involve orchestrating simultaneous writes to the RNDIS option configuration, leading to possible driver instability.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< 0a75d97c53477a59c0aa1c65f69038c719f9c5b8
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< c1b3d5b0acb194efe20fc5864ee03439fa7bd45c
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< 65b7dbf80a1627667c241fff7c1c224f3118014f
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< cb5316b37288ab8791584e32f114c4f41ad45b67
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< 7d8fa3b8783ab95a46e20d97fbeeede719b2efda
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< 446f1842cda929c40d4697722bfdcfb334bc9692
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< 209decd3f7901df9842b83f2540dc8685e344a07
`73517cf49bd449122b615d2b7a6bb835f02252e5`	affected	< 8d8c68b1fc06ece60cf43e1306ff0f4ac121547e

Linux

affected

Version	Status	Constraints
`4.14`	affected	—
`0`	unaffected	< 4.14
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.168`	unaffected	≤ 6.1.*
`6.6.134`	unaffected	≤ 6.6.*
`6.12.81`	unaffected	≤ 6.12.*
`6.18.22`	unaffected	≤ 6.18.*
`6.19.12`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc3::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc4::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc5::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[73517cf49bd449122b615d2b7a6bb835f02252e5,0a75d97c53477a59c0aa1c65f69038c719f9c5b8)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,c1b3d5b0acb194efe20fc5864ee03439fa7bd45c)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,65b7dbf80a1627667c241fff7c1c224f3118014f)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,cb5316b37288ab8791584e32f114c4f41ad45b67)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,7d8fa3b8783ab95a46e20d97fbeeede719b2efda)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,446f1842cda929c40d4697722bfdcfb334bc9692)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,209decd3f7901df9842b83f2540dc8685e344a07)`	affected	code_commit	—
`[73517cf49bd449122b615d2b7a6bb835f02252e5,8d8c68b1fc06ece60cf43e1306ff0f4ac121547e)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.14`	affected	generic	—
`[0,4.14)`	unaffected	generic	—
`[5.10.253,5.11.0)`	unaffected	semver	—
`[5.15.203,5.16.0)`	unaffected	semver	—
`[6.1.168,6.2.0)`	unaffected	semver	—
`[6.6.134,6.7.0)`	unaffected	semver	—
`[6.12.81,6.13.0)`	unaffected	semver	—
`[6.18.22,6.19.0)`	unaffected	semver	—
`[6.19.12,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest Linux kernel update that contains the mutex protection for RNDIS gadget options
Ensure that writes to the configfs RNDIS option entries are restricted to privileged users and monitored for abnormal activity
If an immediate kernel upgrade is infeasible, consider disabling the RNDIS gadget driver or remounting configfs with readonly permissions for non‑privileged users

Generated by OpenCVE AI on May 18, 2026 at 13:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4606-1	linux security update

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0a75d97c53477a59c0aa1c65f69038c719f9c5b8
https://git.kernel.org/stable/c/209decd3f7901df9842b83f2540dc8685e344a07
https://git.kernel.org/stable/c/446f1842cda929c40d4697722bfdcfb334bc9692
https://git.kernel.org/stable/c/65b7dbf80a1627667c241fff7c1c224f3118014f
https://git.kernel.org/stable/c/7d8fa3b8783ab95a46e20d97fbeeede719b2efda
https://git.kernel.org/stable/c/8d8c68b1fc06ece60cf43e1306ff0f4ac121547e
https://git.kernel.org/stable/c/c1b3d5b0acb194efe20fc5864ee03439fa7bd45c
https://git.kernel.org/stable/c/cb5316b37288ab8791584e32f114c4f41ad45b67
https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2026-43342-fd03@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43342
https://www.cve.org/CVERecord?id=CVE-2026-43342

History

Mon, 18 May 2026 12:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc3:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc4:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc5:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc6::::::
Metrics		cvssV3_1 `{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-820
References		https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2026-43342-fd03@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43342 https://www.cve.org/CVERecord?id=CVE-2026-43342

Fri, 08 May 2026 19:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362

Fri, 08 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Protect RNDIS options with mutex The class/subclass/protocol options are suspectible to race conditions as they can be accessed concurrently through configfs. Use existing mutex to protect these options. This issue was identified during code inspection.
Title		usb: gadget: f_rndis: Protect RNDIS options with mutex
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0a75d97c53477a59c0aa1c65f69038c719f9c5b8 https://git.kernel.org/stable/c/209decd3f7901df9842b83f2540dc8685e344a07 https://git.kernel.org/stable/c/446f1842cda929c40d4697722bfdcfb334bc9692 https://git.kernel.org/stable/c/65b7dbf80a1627667c241fff7c1c224f3118014f https://git.kernel.org/stable/c/7d8fa3b8783ab95a46e20d97fbeeede719b2efda https://git.kernel.org/stable/c/8d8c68b1fc06ece60cf43e1306ff0f4ac121547e https://git.kernel.org/stable/c/c1b3d5b0acb194efe20fc5864ee03439fa7bd45c https://git.kernel.org/stable/c/cb5316b37288ab8791584e32f114c4f41ad45b67

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:37:19.920Z

Updated: 2026-05-11T22:22:43.032Z

Reserved: 2026-05-01T14:12:56.003Z

Link: CVE-2026-43342

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T14:16:44.170

Modified: 2026-05-18T12:36:32.763

Link: CVE-2026-43342

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43342 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-18T13:30:06Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object