CVE-2026-43007

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> accel/qaic: Handle DBC deactivation if the owner went away<br /> <br /> When a DBC is released, the device sends a QAIC_TRANS_DEACTIVATE_FROM_DEV<br /> transaction to the host over the QAIC_CONTROL MHI channel. QAIC handles<br /> this by calling decode_deactivate() to release the resources allocated for<br /> that DBC. Since that handling is done in the qaic_manage_ioctl() context,<br /> if the user goes away before receiving and handling the deactivation, the<br /> host will be out-of-sync with the DBCs available for use, and the DBC<br /> resources will not be freed unless the device is removed. If another user<br /> loads and requests to activate a network, then the device assigns the same<br /> DBC to that network, QAIC will "indefinitely" wait for dbc-&gt;in_use = false,<br /> leading the user process to hang.<br /> <br /> As a solution to this, handle QAIC_TRANS_DEACTIVATE_FROM_DEV transactions<br /> that are received after the user has gone away.