CVE-2026-43342

EUVD-2026-28626
In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_rndis: Protect RNDIS options with mutex

The class/subclass/protocol options are suspectible to race conditions
as they can be accessed concurrently through configfs.

Use existing mutex to protect these options. This issue was identified
during code inspection.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
linuxlinux_kernel
4.14 ≤
𝑥
< 5.10.253
linuxlinux_kernel
5.11 ≤
𝑥
< 5.15.203
linuxlinux_kernel
5.16 ≤
𝑥
< 6.1.168
linuxlinux_kernel
6.2 ≤
𝑥
< 6.6.134
linuxlinux_kernel
6.7 ≤
𝑥
< 6.12.81
linuxlinux_kernel
6.13 ≤
𝑥
< 6.18.22
linuxlinux_kernel
6.19 ≤
𝑥
< 6.19.12
linuxlinux_kernel
7.0:rc1
linuxlinux_kernel
7.0:rc2
linuxlinux_kernel
7.0:rc3
linuxlinux_kernel
7.0:rc4
linuxlinux_kernel
7.0:rc5
linuxlinux_kernel
7.0:rc6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
vulnerable
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/0a75d97c53477a59c0aa1c65f69038c719f9c5b8
https://git.kernel.org/stable/c/209decd3f7901df9842b83f2540dc8685e344a07
https://git.kernel.org/stable/c/446f1842cda929c40d4697722bfdcfb334bc9692
https://git.kernel.org/stable/c/65b7dbf80a1627667c241fff7c1c224f3118014f
https://git.kernel.org/stable/c/7d8fa3b8783ab95a46e20d97fbeeede719b2efda
https://git.kernel.org/stable/c/8d8c68b1fc06ece60cf43e1306ff0f4ac121547e
https://git.kernel.org/stable/c/c1b3d5b0acb194efe20fc5864ee03439fa7bd45c
https://git.kernel.org/stable/c/cb5316b37288ab8791584e32f114c4f41ad45b67