CVE-2026-43061

Summary

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Fix TX deadlock when using DMA

dmaengine_terminate_async does not guarantee that the __dma_tx_complete callback will run. The callback is currently the only place where dma->tx_running gets cleared. If the transaction is canceled and the callback never runs, then dma->tx_running will never get cleared and we will never schedule new TX DMA transactions again.

This change makes it so we clear dma->tx_running after we terminate the DMA transaction. This is "safe" because serial8250_tx_dma_flush is holding the UART port lock. The first thing the callback does is also grab the UART port lock, so access to dma->tx_running is serialized.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7c47e637dfadfbc691dd297b91d81ef939ca2080 < 8190f9ab6ad90cb97652adbebd238b874a4ef70daffected
LinuxLinuxbf3f395b9c37956eca866c9e1679769ed7dcce68 < 79a19bd936bb35f56ef0ccab1b3b59ebce8c762daffected
LinuxLinuxd470522c597b73e63cca04f3012aec28185113b7 < f76d91271bcacbd759a2e4ee3ea61faa6a727ccfaffected
LinuxLinux5e00346deb7bf40a4cf70e3716ac8e9a2409eb55 < d2719a0a9c3439abf67843a5504b7afccd9ded93affected
LinuxLinuxc8a52c772c7c6de72257a435bcad03d3bb914a70 < 2a72403b985aea6b4aac3171830492f9a387f9e1affected
LinuxLinux9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 < 5f6b17562f03fc65c7d3474ef8f1959b19d1ca41affected
LinuxLinux9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 < b5ad887339503103d0fbe9827b16ad287597c275affected
LinuxLinux9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 < a424a34b8faddf97b5af41689087e7a230f79ba7affected
LinuxLinuxbbec5998d7bd349730f59c959a8b00cfff816e34affected
LinuxLinux59f751db7f392fa7a58cbd972205982f7f4f5854affected
LinuxLinux5.10.235 < 5.10.253affected
LinuxLinux5.15.179 < 5.15.203affected
LinuxLinux6.1.129 < 6.1.167affected
LinuxLinux6.6.79 < 6.6.130affected
LinuxLinux6.12.16 < 6.12.78affected
LinuxLinux5.4.291 < 5.5affected
LinuxLinux6.13.4 < 6.14affected
LinuxLinux6.14affected
LinuxLinux0 < 6.14unaffected
LinuxLinux5.10.253 <= 5.10.*unaffected
LinuxLinux5.15.203 <= 5.15.*unaffected
LinuxLinux6.1.167 <= 6.1.*unaffected
LinuxLinux6.6.130 <= 6.6.*unaffected
LinuxLinux6.12.78 <= 6.12.*unaffected
LinuxLinux6.18.20 <= 6.18.*unaffected
LinuxLinux6.19.10 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References