CVE-2026-43428

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The usb control msg(), usb bulk msg(), and usb interrupt msg() APIs in usbcore allow unlimited timeout durations. Because these APIs utilize uninterruptible waits, a task can be hung indefinitely, and cannot be terminated without physically unplugging the target device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.