CVE-2026-43455

A flaw was found in the Linux kernel's Message Control Transport Protocol (MCTP) module. A race condition exists in the `mctp_flow_prepare_output()` function where a lock is not properly held during a critical check-and-set operation. This can lead to multiple device references being acquired without proper tracking for release, resulting in a resource leak. Over time, this resource leak could potentially lead to system instability or a denial of service.