CVE intelligence and bounded remediation
CVE-2026-43054 — Linux Linux Kernel security vulnerability
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Drain commands in target_reset handler tcm_loop_target_reset() violates the SCSI EH contract: it returns SUCCESS without draining any in-flight commands. The SCSI EH documentation (scsi_eh.rst) requires that when a reset handler returns SUCCESS the driver has made lower layers "forget about timed out scmds" and is ready for new commands. Every other SCSI LLD (virtio_scsi, mpt3sas, ipr, scsi_debug, mpi3mr) enforces this by draining or completing outstanding commands before returning SUCCESS. Because tcm_loop_target_reset() doesn't drain, the SCSI EH reuses in-flight scsi_cmnd structures for recovery commands (e.g. TUR) while the target core still has async completion work queued for the old se_cmd. The memset in queuecommand zeroes se_lun and lun_ref_active, causing transport_lun_remove_cmd() to skip its percpu_ref_put(). The leaked LUN reference prevents transport_clear_lun_ref() from completing, hanging configfs LUN unlink forever in D-state: INFO: task rm:264 blocked for more than 122 seconds. rm D 0 264 258 0x00004000 Call Trace: __schedule+0x3d0/0x8e0 schedule+0x36/0xf0 transport_clear_…
- Severity
- Medium
- CVSS
- 5.5 (3.1)
- Published
- 2026-05-01
- CISA KEV
- Not currently listed
- Ecosystem
- linux/kernel
- Weaknesses
- CWE-772
Affected products
- linux / linux_kernel
- linux / linux_kernel / 7.0
Matched remediation archetype
General vulnerability remediation
This catalog composition supplies bounded fallback guidance. Explicitly reviewed curated workflows load with the complete record below.
Check exposure
- Confirm the affected component, deployment paths, reachable interfaces, and enabled features from inventories and configuration, without probing production destructively.
- Compare the advisory's affected conditions with the repository lockfiles, build manifests, artifacts, and runtime inventory.
- Identify data sensitivity, trust boundaries, and privilege level for every confirmed affected deployment.
Remediate safely
- Apply a vendor-supported fix or remove the affected component or feature; record the selected change and its source in the repository.
- Update direct and transitive dependency locks, generated artifacts, deployment manifests, and asset inventories together.
- Add a regression test for the documented unsafe condition using inert inputs and preserve rollback instructions.
Authoritative sources
Complete CVE record and remediation plan
The detailed catalog view below loads this exact record, its source evidence, and the full seven-phase agentic change plan.