Description
In the Linux kernel, the following vulnerability has been resolved:

ata: libata-core: Disable LPM on ST1000DM010-2EP102

According to a user report, the ST1000DM010-2EP102 has problems with LPM,
causing random system freezes. The drive belongs to the same BarraCuda
family as the ST2000DM008-2FR102 which has the same issue.
Published: 2026-05-13
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel bug involves the SATA driver libata-core and the ST1000DM010-2EP102 SATA drive model. The driver fails to correctly disable low‑power mode (LPM) for these drives, causing erratic power‑state changes that trigger random system freezes. The result is a denial of service, as the host becomes unresponsive until rebooted, and no further user or kernel activity can be performed.

Affected Systems

All Linux distributions that ship the affected kernel code are impacted. The issue is specific to the ST1000DM010-2EP102 model and similar BarraCuda family drives such as the ST2000DM008-2FR102. No specific kernel version range is given, so any kernel that contains the unpatched libata-core code remains vulnerable. System administrators should verify whether their kernel includes the fix that disables LPM for these models.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity risk, while the EPSS score of < 1% suggests a low probability of exploitation in the wild. The likely attack vector is local, requiring an affected SATA drive with LPM enabled and an opportunity to trigger the freeze through the device’s power‑management logic. The vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on May 19, 2026 at 03:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the libata-core patch disabling LPM for the ST1000DM010-2EP102 drive (see commit references in the provided URLs).
  • If a kernel upgrade is not immediately possible, disable LPM on the affected drive with hdparm, for example "hdparm -B 255 /dev/sdX", to turn off power‑management retries.
  • After applying the patch or the workaround, monitor system logs for "libata" or drive‑related entries to confirm that freezes no longer occur.

Generated by OpenCVE AI on May 19, 2026 at 03:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 19 May 2026 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20

Tue, 19 May 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-779

Tue, 19 May 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 13 May 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-779

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102 which has the same issue.
Title ata: libata-core: Disable LPM on ST1000DM010-2EP102
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-13T15:08:32.631Z

Reserved: 2026-05-01T14:12:56.012Z

Link: CVE-2026-43487

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:51.997

Modified: 2026-05-22T16:33:17.283

Link: CVE-2026-43487

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-13T00:00:00Z

Links: CVE-2026-43487 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-19T04:00:12Z

Weaknesses