CVE-2026-43061
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
serial: 8250: Fix TX deadlock when using DMA
dmaengine_terminate_async does not guarantee that the
__dma_tx_complete callback will run. The callback is currently the
only place where dma->tx_running gets cleared. If the transaction is
canceled and the callback never runs, then dma->tx_running will never
get cleared and we will never schedule new TX DMA transactions again.
This change makes it so we clear dma->tx_running after we terminate
the DMA transaction. This is "safe" because serial8250_tx_dma_flush
is holding the UART port lock. The first thing the callback does is also
grab the UART port lock, so access to dma->tx_running is serialized.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7c47e637dfadfbc691dd297b91d81ef939ca2080 < 8190f9ab6ad90cb97652adbebd238b874a4ef70d | affected |
| Linux | Linux | bf3f395b9c37956eca866c9e1679769ed7dcce68 < 79a19bd936bb35f56ef0ccab1b3b59ebce8c762d | affected |
| Linux | Linux | d470522c597b73e63cca04f3012aec28185113b7 < f76d91271bcacbd759a2e4ee3ea61faa6a727ccf | affected |
| Linux | Linux | 5e00346deb7bf40a4cf70e3716ac8e9a2409eb55 < d2719a0a9c3439abf67843a5504b7afccd9ded93 | affected |
| Linux | Linux | c8a52c772c7c6de72257a435bcad03d3bb914a70 < 2a72403b985aea6b4aac3171830492f9a387f9e1 | affected |
| Linux | Linux | 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 < 5f6b17562f03fc65c7d3474ef8f1959b19d1ca41 | affected |
| Linux | Linux | 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 < b5ad887339503103d0fbe9827b16ad287597c275 | affected |
| Linux | Linux | 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 < a424a34b8faddf97b5af41689087e7a230f79ba7 | affected |
| Linux | Linux | bbec5998d7bd349730f59c959a8b00cfff816e34 | affected |
| Linux | Linux | 59f751db7f392fa7a58cbd972205982f7f4f5854 | affected |
| Linux | Linux | 5.10.235 < 5.10.253 | affected |
| Linux | Linux | 5.15.179 < 5.15.203 | affected |
| Linux | Linux | 6.1.129 < 6.1.167 | affected |
| Linux | Linux | 6.6.79 < 6.6.130 | affected |
| Linux | Linux | 6.12.16 < 6.12.78 | affected |
| Linux | Linux | 5.4.291 < 5.5 | affected |
| Linux | Linux | 6.13.4 < 6.14 | affected |
| Linux | Linux | 6.14 | affected |
| Linux | Linux | 0 < 6.14 | unaffected |
| Linux | Linux | 5.10.253 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.130 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.78 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.20 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.10 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/8190f9ab6ad90cb97652adbebd238b874a4ef70d
- https://git.kernel.org/stable/c/79a19bd936bb35f56ef0ccab1b3b59ebce8c762d
- https://git.kernel.org/stable/c/f76d91271bcacbd759a2e4ee3ea61faa6a727ccf
- https://git.kernel.org/stable/c/d2719a0a9c3439abf67843a5504b7afccd9ded93
- https://git.kernel.org/stable/c/2a72403b985aea6b4aac3171830492f9a387f9e1
- https://git.kernel.org/stable/c/5f6b17562f03fc65c7d3474ef8f1959b19d1ca41
- https://git.kernel.org/stable/c/b5ad887339503103d0fbe9827b16ad287597c275
- https://git.kernel.org/stable/c/a424a34b8faddf97b5af41689087e7a230f79ba7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.