CVE-2026-43319

EUVD-2026-28603
In the Linux kernel, the following vulnerability has been resolved:

spi: spidev: fix lock inversion between spi_lock and buf_lock

The spidev driver previously used two mutexes, spi_lock and buf_lock,
but acquired them in different orders depending on the code path:

  write()/read(): buf_lock -> spi_lock
  ioctl():       spi_lock -> buf_lock

This AB-BA locking pattern triggers lockdep warnings and can
cause real deadlocks:

  WARNING: possible circular locking dependency detected
  spidev_ioctl() -> mutex_lock(&spidev->buf_lock)
  spidev_sync_write() -> mutex_lock(&spidev->spi_lock)
  *** DEADLOCK ***

The issue is reproducible with a simple userspace program that
performs write() and SPI_IOC_WR_MAX_SPEED_HZ ioctl() calls from
separate threads on the same spidev file descriptor.

Fix this by simplifying the locking model and removing the lock
inversion entirely. spidev_sync() no longer performs any locking,
and all callers serialize access using spi_lock.

buf_lock is removed since its functionality is fully covered by
spi_lock, eliminating the possibility of lock ordering issues.

This removes the lock inversion and prevents deadlocks without
changing userspace ABI or behaviour.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
6.19.14-1
fixed
sid
7.0.4-1
fixed
trixie
vulnerable
trixie (security)
6.12.86-1
fixed
References
https://git.kernel.org/stable/c/40534d19ed2afb880ecf202dab26a8e7a5808d16
https://git.kernel.org/stable/c/41ccfac7d302968a4f32b5f7b012d066c5f5cdf8
https://git.kernel.org/stable/c/e341e18215030af2136836b78508e0d798916df7
https://git.kernel.org/stable/c/f8431b8672231d378b03176fe74c95adfd3522cf