CVE-2026-43427

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A reordering issue exists in the read code path of the usb class cdc-wdm. Due to compiler optimization or CPU out-of-order execution, the desc->length update may occur before the memmove operation. This can lead to the wdm read() function accessing the updated length and executing copy to user() on uninitialized memory, which also violates Linux Kernel Memory Model (LKMM) data race rules.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.