CVE-2026-43357 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

iio: gyro: mpu3050-core: fix pm_runtime error handling

The return value of pm_runtime_get_sync() is not checked, allowing
the driver to access hardware that may fail to resume. The device
usage count is also unconditionally incremented. Use
pm_runtime_resume_and_get() which propagates errors and avoids
incrementing the usage count on failure.

In preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate()
failure since postdisable does not run when preenable fails.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 935f57dd43492240e1ca220dd065d624efece6be
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 8544c488e50206f00630a8bbba43d2c8bd290345
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 35f54e7bcb1eccdc6e5bff06580eeef2e0ff3677
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 2a86a396aa001a9f9ba2d37dda36573a76f17c90
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 66c0d1d600e7be034959cf49edab104cb5a39258
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 42685cf96e28262e0b84d74447f3d99f3f6a72e0
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< 7a3dec5b265cf87678b10c98a72a435a8e769bb7
`3904b28efb2c780c23dcddfb87e07fe0230661e5`	affected	< acc3949aab3e8094641a9c7c2768de1958c88378

Linux

affected

Version	Status	Constraints
`4.10`	affected	—
`0`	unaffected	< 4.10
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.19`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2a86a396aa001a9f9ba2d37dda36573a76f17c90
https://git.kernel.org/stable/c/35f54e7bcb1eccdc6e5bff06580eeef2e0ff3677
https://git.kernel.org/stable/c/42685cf96e28262e0b84d74447f3d99f3f6a72e0
https://git.kernel.org/stable/c/66c0d1d600e7be034959cf49edab104cb5a39258
https://git.kernel.org/stable/c/7a3dec5b265cf87678b10c98a72a435a8e769bb7
https://git.kernel.org/stable/c/8544c488e50206f00630a8bbba43d2c8bd290345
https://git.kernel.org/stable/c/935f57dd43492240e1ca220dd065d624efece6be
https://git.kernel.org/stable/c/acc3949aab3e8094641a9c7c2768de1958c88378
https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2026-43357-4d3f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43357
https://www.cve.org/CVERecord?id=CVE-2026-43357

History

Tue, 12 May 2026 03:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-682

Tue, 12 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-390
References		https://lore.kernel.org/linux-cve-announce/2026050824-CVE-2026-43357-4d3f@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43357 https://www.cve.org/CVERecord?id=CVE-2026-43357

Fri, 08 May 2026 17:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-682

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally incremented. Use pm_runtime_resume_and_get() which propagates errors and avoids incrementing the usage count on failure. In preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate() failure since postdisable does not run when preenable fails.
Title		iio: gyro: mpu3050-core: fix pm_runtime error handling
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2a86a396aa001a9f9ba2d37dda36573a76f17c90 https://git.kernel.org/stable/c/35f54e7bcb1eccdc6e5bff06580eeef2e0ff3677 https://git.kernel.org/stable/c/42685cf96e28262e0b84d74447f3d99f3f6a72e0 https://git.kernel.org/stable/c/66c0d1d600e7be034959cf49edab104cb5a39258 https://git.kernel.org/stable/c/7a3dec5b265cf87678b10c98a72a435a8e769bb7 https://git.kernel.org/stable/c/8544c488e50206f00630a8bbba43d2c8bd290345 https://git.kernel.org/stable/c/935f57dd43492240e1ca220dd065d624efece6be https://git.kernel.org/stable/c/acc3949aab3e8094641a9c7c2768de1958c88378

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:13.050Z

Updated: 2026-05-11T22:23:00.799Z

Reserved: 2026-05-01T14:12:56.005Z

Link: CVE-2026-43357

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-08T15:16:46.477

Modified: 2026-05-12T14:10:27.343

Link: CVE-2026-43357

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43357 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-12T05:30:08Z

Weaknesses

CWE-390

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object