{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43357", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:56.005Z", "datePublished": "2026-05-08T14:21:13.050Z", "dateUpdated": "2026-05-11T22:23:00.799Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:23:00.799Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050-core: fix pm_runtime error handling\n\nThe return value of pm_runtime_get_sync() is not checked, allowing\nthe driver to access hardware that may fail to resume. The device\nusage count is also unconditionally incremented. Use\npm_runtime_resume_and_get() which propagates errors and avoids\nincrementing the usage count on failure.\n\nIn preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate()\nfailure since postdisable does not run when preenable fails."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/gyro/mpu3050-core.c"], "versions": [{"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "935f57dd43492240e1ca220dd065d624efece6be", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "8544c488e50206f00630a8bbba43d2c8bd290345", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "35f54e7bcb1eccdc6e5bff06580eeef2e0ff3677", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "2a86a396aa001a9f9ba2d37dda36573a76f17c90", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "66c0d1d600e7be034959cf49edab104cb5a39258", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "42685cf96e28262e0b84d74447f3d99f3f6a72e0", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "7a3dec5b265cf87678b10c98a72a435a8e769bb7", "status": "affected", "versionType": "git"}, {"version": "3904b28efb2c780c23dcddfb87e07fe0230661e5", "lessThan": "acc3949aab3e8094641a9c7c2768de1958c88378", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/iio/gyro/mpu3050-core.c"], "versions": [{"version": "4.10", "status": "affected"}, {"version": "0", "lessThan": "4.10", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.253", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.203", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.19", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.9", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "5.10.253"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "5.15.203"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.18.19"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "6.19.9"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.10", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/935f57dd43492240e1ca220dd065d624efece6be"}, {"url": "https://git.kernel.org/stable/c/8544c488e50206f00630a8bbba43d2c8bd290345"}, {"url": "https://git.kernel.org/stable/c/35f54e7bcb1eccdc6e5bff06580eeef2e0ff3677"}, {"url": "https://git.kernel.org/stable/c/2a86a396aa001a9f9ba2d37dda36573a76f17c90"}, {"url": "https://git.kernel.org/stable/c/66c0d1d600e7be034959cf49edab104cb5a39258"}, {"url": "https://git.kernel.org/stable/c/42685cf96e28262e0b84d74447f3d99f3f6a72e0"}, {"url": "https://git.kernel.org/stable/c/7a3dec5b265cf87678b10c98a72a435a8e769bb7"}, {"url": "https://git.kernel.org/stable/c/acc3949aab3e8094641a9c7c2768de1958c88378"}], "title": "iio: gyro: mpu3050-core: fix pm_runtime error handling", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gyro: mpu3050-core: fix pm_runtime error handling\n\nThe return value of pm_runtime_get_sync() is not checked, allowing\nthe driver to access hardware that may fail to resume. The device\nusage count is also unconditionally incremented. Use\npm_runtime_resume_and_get() which propagates errors and avoids\nincrementing the usage count on failure.\n\nIn preenable, add pm_runtime_put_autosuspend() on set_8khz_samplerate()\nfailure since postdisable does not run when preenable fails."}], "id": "CVE-2026-43357", "lastModified": "2026-05-12T14:10:27.343", "metrics": {}, "published": "2026-05-08T15:16:46.477", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2a86a396aa001a9f9ba2d37dda36573a76f17c90"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/35f54e7bcb1eccdc6e5bff06580eeef2e0ff3677"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/42685cf96e28262e0b84d74447f3d99f3f6a72e0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/66c0d1d600e7be034959cf49edab104cb5a39258"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/7a3dec5b265cf87678b10c98a72a435a8e769bb7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8544c488e50206f00630a8bbba43d2c8bd290345"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/935f57dd43492240e1ca220dd065d624efece6be"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/acc3949aab3e8094641a9c7c2768de1958c88378"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: iio: gyro: mpu3050-core: fix pm_runtime error handling", "id": "2468154", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468154"}, "csaw": false, "cwe": "CWE-390", "details": ["A flaw was found in the `iio: gyro: mpu3050-core` driver of the Linux kernel. Incorrect error handling in the power management runtime functions allows the driver to attempt accessing hardware that may have failed to resume. This can lead to an unconditionally incremented device usage count, potentially causing system instability or resource exhaustion."], "name": "CVE-2026-43357", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43357\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43357\nhttps://lore.kernel.org/linux-cve-announce/2026050824-CVE-2026-43357-4d3f@gregkh/T"]}