CVE-2026-43430 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

usb: yurex: fix race in probe

The bbu member of the descriptor must be set to the value
standing for uninitialized values before the URB whose
completion handler sets bbu is submitted. Otherwise there is
a window during which probing can overwrite already retrieved
data.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< a7934d7202a39c3160aa30521c382c7b744ae4a2
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< a8b3b3d730acea1640bc89465f2832cf06a1e13a
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< 687d26d43a5aaf44323ce7d601cf242bb87e9559
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< 939e3d17b843b0bae70467fef4481069d73c8520
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< 3cec135415a89723e2d38e1c8cc5098203355965
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< a41d3d9202e951995cfac6248c565423079c71fa
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< af83e92c329f11139d5eea2b5b7b83c26c3f67e7
`6bc235a2e24a5ef677daee3fd4f74f6cd643e23c`	affected	< 7a875c09899ba0404844abfd8f0d54cdc481c151

Linux

affected

Version	Status	Constraints
`2.6.37`	affected	—
`0`	unaffected	< 2.6.37
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/3cec135415a89723e2d38e1c8cc5098203355965
https://git.kernel.org/stable/c/687d26d43a5aaf44323ce7d601cf242bb87e9559
https://git.kernel.org/stable/c/7a875c09899ba0404844abfd8f0d54cdc481c151
https://git.kernel.org/stable/c/939e3d17b843b0bae70467fef4481069d73c8520
https://git.kernel.org/stable/c/a41d3d9202e951995cfac6248c565423079c71fa
https://git.kernel.org/stable/c/a7934d7202a39c3160aa30521c382c7b744ae4a2
https://git.kernel.org/stable/c/a8b3b3d730acea1640bc89465f2832cf06a1e13a
https://git.kernel.org/stable/c/af83e92c329f11139d5eea2b5b7b83c26c3f67e7
https://lore.kernel.org/linux-cve-announce/2026050850-CVE-2026-43430-a1d8@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43430
https://www.cve.org/CVERecord?id=CVE-2026-43430

History

Sat, 09 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-362

Sat, 09 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-367
References		https://lore.kernel.org/linux-cve-announce/2026050850-CVE-2026-43430-a1d8@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43430 https://www.cve.org/CVERecord?id=CVE-2026-43430

Fri, 08 May 2026 18:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-362

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: yurex: fix race in probe The bbu member of the descriptor must be set to the value standing for uninitialized values before the URB whose completion handler sets bbu is submitted. Otherwise there is a window during which probing can overwrite already retrieved data.
Title		usb: yurex: fix race in probe
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3cec135415a89723e2d38e1c8cc5098203355965 https://git.kernel.org/stable/c/687d26d43a5aaf44323ce7d601cf242bb87e9559 https://git.kernel.org/stable/c/7a875c09899ba0404844abfd8f0d54cdc481c151 https://git.kernel.org/stable/c/939e3d17b843b0bae70467fef4481069d73c8520 https://git.kernel.org/stable/c/a41d3d9202e951995cfac6248c565423079c71fa https://git.kernel.org/stable/c/a7934d7202a39c3160aa30521c382c7b744ae4a2 https://git.kernel.org/stable/c/a8b3b3d730acea1640bc89465f2832cf06a1e13a https://git.kernel.org/stable/c/af83e92c329f11139d5eea2b5b7b83c26c3f67e7

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:22:02.458Z

Updated: 2026-05-09T04:10:57.407Z

Reserved: 2026-05-01T14:12:56.009Z

Link: CVE-2026-43430

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T15:16:55.243

Modified: 2026-05-08T15:16:55.243

Link: CVE-2026-43430

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43430 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-09T15:30:36Z

Weaknesses

CWE-367

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object