PT-2026-40695 · Linux · Linux Kernel

CVE-2026-43488

·

Published

2026-05-13

·

Updated

2026-05-26

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description An issue exists in the xHCI controller where a Host Controller Error (HCE) occurs during UAS Storage Device plug/unplug scenarios on Android devices. The xhci irq() function checks for HCE, but because the interrupt is not cleared, it can trigger an interrupt storm, resulting in severe system-level faults. While the driver typically logs a warning and expects activity to stop per xHCI specifications, some hosts continue the interrupt storm until the xHC interrupt is manually disabled and the controller is stopped via the xhci halt() function.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-43488
OESA-2026-2416

Affected Products

Linux Kernel