CVE-2026-43352

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue<br /> <br /> The logic used to abort the DMA ring contains several flaws:<br /> <br /> 1. The driver unconditionally issues a ring abort even when the ring has<br /> already stopped.<br /> 2. The completion used to wait for abort completion is never<br /> re-initialized, resulting in incorrect wait behavior.<br /> 3. The abort sequence unintentionally clears RING_CTRL_ENABLE, which<br /> resets hardware ring pointers and disrupts the controller state.<br /> 4. If the ring is already stopped, the abort operation should be<br /> considered successful without attempting further action.<br /> <br /> Fix the abort handling by checking whether the ring is running before<br /> issuing an abort, re-initializing the completion when needed, ensuring that<br /> RING_CTRL_ENABLE remains asserted during abort, and treating an already<br /> stopped ring as a successful condition.