{
  "affected": [
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:13",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.12.85-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "ecosystem_specific": {
        "urgency": "not yet assigned"
      },
      "package": {
        "ecosystem": "Debian:14",
        "name": "linux"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.19.10-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "In the Linux kernel, the following vulnerability has been resolved:  scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend  In __ufshcd_wl_suspend(), cancel_delayed_work_sync() is called to cancel the UFS RTC work, but it is placed after ufshcd_vops_suspend(hba, pm_op, POST_CHANGE). This creates a race condition where ufshcd_rtc_work() can still be running while ufshcd_vops_suspend() is executing. When UFSHCD_CAP_CLK_GATING is not supported, the condition !hba-\u003eclk_gating.active_reqs is always true, causing ufshcd_update_rtc() to be executed. Since ufshcd_vops_suspend() typically performs clock gating operations, executing ufshcd_update_rtc() at that moment triggers an SError. The kernel panic trace is as follows:  Kernel panic - not syncing: Asynchronous SError Interrupt Call trace:  dump_backtrace+0xec/0x128  show_stack+0x18/0x28  dump_stack_lvl+0x40/0xa0  dump_stack+0x18/0x24  panic+0x148/0x374  nmi_panic+0x3c/0x8c  arm64_serror_panic+0x64/0x8c  do_serror+0xc4/0xc8  el1h_64_error_handler+0x34/0x4c  el1h_64_error+0x68/0x6c  el1_interrupt+0x20/0x58  el1h_64_irq_handler+0x18/0x24  el1h_64_irq+0x68/0x6c  ktime_get+0xc4/0x12c  ufshcd_mcq_sq_stop+0x4c/0xec  ufshcd_mcq_sq_cleanup+0x64/0x1dc  ufshcd_clear_cmd+0x38/0x134  ufshcd_issue_dev_cmd+0x298/0x4d0  ufshcd_exec_dev_cmd+0x1a4/0x1c4  ufshcd_query_attr+0xbc/0x19c  ufshcd_rtc_work+0x10c/0x1c8  process_scheduled_works+0x1c4/0x45c  worker_thread+0x32c/0x3e8  kthread+0x120/0x1d8  ret_from_fork+0x10/0x20  Fix this by moving cancel_delayed_work_sync() before the call to ufshcd_vops_suspend(hba, pm_op, PRE_CHANGE), ensuring the UFS RTC work is fully completed or cancelled at that point.",
  "id": "DEBIAN-CVE-2026-43415",
  "modified": "2026-05-22T16:48:24.754753601Z",
  "published": "2026-05-08T15:16:53.477Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://security-tracker.debian.org/tracker/CVE-2026-43415"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "upstream": [
    "CVE-2026-43415"
  ]
}