Description
In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Prevent interrupt storm on host controller error (HCE)

The xHCI controller reports a Host Controller Error (HCE) in UAS Storage
Device plug/unplug scenarios on Android devices. HCE is checked in
xhci_irq() function and causes an interrupt storm (since the interrupt
isn’t cleared), leading to severe system-level faults.

When the xHC controller reports HCE in the interrupt handler, the driver
only logs a warning and assumes xHC activity will stop as stated in xHCI
specification. An interrupt storm does however continue on some hosts
even after HCE, and only ceases after manually disabling xHC interrupt
and stopping the controller by calling xhci_halt().

Add xhci_halt() to xhci_irq() function where STS_HCE status is checked,
mirroring the existing error handling pattern used for STS_FATAL errors.

This only fixes the interrupt storm. Proper HCE recovery requires resetting
and re-initializing the xHC.
Published: 2026-05-13
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the Linux kernel’s xHCI USB controller driver. When a Host Controller Error (HCE) occurs during plug or unplug of a USB storage device, the driver logs a warning but fails to clear the interrupt flag. This causes the interrupt line to remain asserted, leading to an interrupt storm that repeatedly invokes the interrupt handler and exhausts CPU resources. The effect is a severe system fault that effectively disables normal operation. The underlying weakness corresponds to CWE‑770, Maximum Resource Consumption.

Affected Systems

All Linux kernel versions that contain the unpatched xHCI code are affected, including those used on Android devices and other systems that rely on the default xHCI driver for device plug/unplug events. No specific kernel release numbers are listed, so administrators should assume any kernel built from mainline code before the patch commit is vulnerable.

Risk and Exploitability

The CVSS score is 5.5, the EPSS score is unavailable, and the vulnerability is not listed in the CISA KEV catalog. An attacker could trigger the flaw by inserting or removing a USB storage device on a vulnerable host, initiating the interrupt storm. The issue is local to the device and does not enable remote code execution or privilege escalation, but it presents a high-impact denial of service that disrupts system availability.

Generated by OpenCVE AI on May 14, 2026 at 13:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the fix for HCE interrupt storms, which adds a call to xhci_halt() in the interrupt handler.
  • If a kernel update cannot be applied immediately, reboot the system after ensuring no USB devices are connected, then disable the xHCI driver by unbinding from /sys/bus/pci/drivers/xhci_hcd or by booting with the kernel parameter xhci_hcd=off to prevent the driver from handling interrupts.
  • Monitor system logs for repeated HCE warnings; if the interrupt storm still occurs, consider disabling USB 3.0 ports or using a stable kernel branch deemed secure until the patch is available.

Generated by OpenCVE AI on May 14, 2026 at 13:20 UTC.
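
One way to carry out the monitoring step above, as an added example that is not part of the OpenCVE page or the kernel patch: it compares two /proc/interrupts snapshots to measure the xHCI interrupt rate and counts HCE warnings in a kernel log excerpt. The sample snapshots and log lines are constructed, and the 50,000 interrupts per second threshold and the warning wording matched are assumptions to adjust for the host being monitored.

```python
import re

# Constructed /proc/interrupts snapshots, taken 5 seconds apart.
SNAP_T0 = """\
           CPU0       CPU1
  42:      1200       1100   PCI-MSI 327680-edge      xhci_hcd
  43:       500        480   PCI-MSI 512000-edge      nvme0q0
"""
SNAP_T1 = """\
           CPU0       CPU1
  42:    901200     651100   PCI-MSI 327680-edge      xhci_hcd
  43:       520        495   PCI-MSI 512000-edge      nvme0q0
"""
# Constructed kernel log excerpt; the warning wording is an assumption.
KLOG = """\
[  812.101] xhci_hcd 0000:00:14.0: WARNING: Host Controller Error
[  812.101] xhci_hcd 0000:00:14.0: WARNING: Host Controller Error
[  812.102] usb 2-1: USB disconnect, device number 3
[  812.102] xhci_hcd 0000:00:14.0: WARNING: Host Controller Error
"""
IRQ_LINE = re.compile(r"\s*(\w+):((?:\s+\d+)+)\s+(.*)$")
HCE_LINE = re.compile(r"xhci.*Host Controller Error")


def irq_totals(snapshot, driver="xhci"):
    """Sum per-CPU counts for each IRQ line whose description names the driver."""
    totals = {}
    for line in snapshot.splitlines():
        m = IRQ_LINE.match(line)
        if m and driver in m.group(3):
            totals[m.group(1)] = sum(int(n) for n in m.group(2).split())
    return totals


def storm_report(t0, t1, interval_s, klog, rate_limit=50_000):
    """Flag xHCI IRQs firing faster than rate_limit/s and count HCE warnings."""
    before, after = irq_totals(t0), irq_totals(t1)
    # max(0, ...) guards against counters that restarted between snapshots.
    rates = {irq: max(0, n - before.get(irq, 0)) / interval_s
             for irq, n in after.items()}
    storming = sorted(irq for irq, rate in rates.items() if rate > rate_limit)
    hce = sum(1 for line in klog.splitlines() if HCE_LINE.search(line))
    return {"rates": rates, "storming": storming, "hce_warnings": hce}


if __name__ == "__main__":
    print(storm_report(SNAP_T0, SNAP_T1, 5, KLOG))
```

A high interrupt rate together with repeated HCE warnings is the pattern the description attributes to the unpatched handler; either signal alone can have other causes.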

Advisories

No advisories yet.

History

Thu, 14 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-390
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 13 May 2026 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770

Wed, 13 May 2026 15:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UAS Storage Device plug/unplug scenarios on Android devices. HCE is checked in xhci_irq() function and causes an interrupt storm (since the interrupt isn’t cleared), leading to severe system-level faults. When the xHC controller reports HCE in the interrupt handler, the driver only logs a warning and assumes xHC activity will stop as stated in xHCI specification. An interrupt storm does however continue on some hosts even after HCE, and only ceases after manually disabling xHC interrupt and stopping the controller by calling xhci_halt(). Add xhci_halt() to xhci_irq() function where STS_HCE status is checked, mirroring the existing error handling pattern used for STS_FATAL errors. This only fixes the interrupt storm. Proper HCE recovery requires resetting and re-initializing the xHC.
Title usb: xhci: Prevent interrupt storm on host controller error (HCE)
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-14T14:31:22.390Z

Reserved: 2026-05-01T14:12:56.012Z

Link: CVE-2026-43488

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-13T16:16:52.107

Modified: 2026-05-22T16:33:17.283

Link: CVE-2026-43488

Redhat

Severity : Low

Public Date: 2026-05-13T00:00:00Z

Links: CVE-2026-43488 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-14T13:30:06Z

Weaknesses