CVE-2026-46262

Summary

In the Linux kernel, the following vulnerability has been resolved:

ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()

This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()").

The original patch attempted to acquire the card->controls_rwsem lock in fsl_xcvr_mode_put(). However, this function is called from the upper ALSA core function snd_ctl_elem_write(), which already holds the write lock on controls_rwsem for the whole put operation. So there is no need to simply hold the lock for fsl_xcvr_activate_ctl() again.

Acquiring the read lock while holding the write lock in the same thread results in a deadlock and a hung task, as reported by Alexander Stein.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux612ffe1f4f0499b3011f16d06e354a76dae2e2d1 < ae5a70e3e87c28edbaf9939cfef1bcbd9615420faffected
LinuxLinux38354c82abe7bcbcd1182a06af89d3cc16d3e2c7 < 30ffcad5edb56947dccc26f6816ab7a55b21a711affected
LinuxLinux61e007657bf7740d54ca2aadce0fb5997839818e < 29b2fbe3498da3681a01b34e4a2259f8a1b89448affected
LinuxLinuxdaaf4fe333e0d48b2037cd2270bf1ff8f70d5068 < b0f74f5d24fe3c73ef1369a811891198b54c1e8eaffected
LinuxLinuxcab928242853a832ffa7efda270ecfb9efeebb6e < 9a2a5da002775376498e8814df4a87cd629a3a0caffected
LinuxLinuxf514248727606b9087bc38a284ff686e0093abf1 < 0886dc6326c3cc596799c4340d342898301cf52aaffected
LinuxLinuxf514248727606b9087bc38a284ff686e0093abf1 < 9f16d96e1222391a6b996a1b676bec14fb91e3b2affected
LinuxLinux5.15.201 < 5.15.202affected
LinuxLinux6.1.164 < 6.1.165affected
LinuxLinux6.6.127 < 6.6.128affected
LinuxLinux6.12.74 < 6.12.75affected
LinuxLinux6.18.13 < 6.18.14affected
LinuxLinux6.19affected
LinuxLinux0 < 6.19unaffected
LinuxLinux5.15.202 <= 5.15.*unaffected
LinuxLinux6.1.165 <= 6.1.*unaffected
LinuxLinux6.6.128 <= 6.6.*unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.14 <= 6.18.*unaffected
LinuxLinux6.19.4 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References