PT-2026-40695 · Linux · Linux Kernel
CVE-2026-43488
·
Published
2026-05-13
·
Updated
2026-05-26
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
An issue exists in the xHCI controller where a Host Controller Error (HCE) occurs during UAS Storage Device plug/unplug scenarios on Android devices. The
xhci irq() function checks for HCE, but because the interrupt is not cleared, it can trigger an interrupt storm, resulting in severe system-level faults. While the driver typically logs a warning and expects activity to stop per xHCI specifications, some hosts continue the interrupt storm until the xHC interrupt is manually disabled and the controller is stopped via the xhci halt() function.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux Kernel