Skip to main content

Linux Kernel EUVDEUVD-2026-34124

| CVE-2026-46262 MEDIUM
Improper Locking (CWE-667)
2026-06-03 Linux GHSA-wh6r-j4w9-v9jg
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 LOW
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 09, 2026 - 20:22 vuln.today
CVSS changed
Jun 09, 2026 - 20:07 NVD
5.5 (MEDIUM)
Patch available
Jun 03, 2026 - 19:01 EUVD
CVE Published
Jun 03, 2026 - 15:49 nvd
MEDIUM 5.5
CVE Published
Jun 03, 2026 - 15:49 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()

This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()").

The original patch attempted to acquire the card->controls_rwsem lock in fsl_xcvr_mode_put(). However, this function is called from the upper ALSA core function snd_ctl_elem_write(), which already holds the write lock on controls_rwsem for the whole put operation. So there is no need to simply hold the lock for fsl_xcvr_activate_ctl() again.

Acquiring the read lock while holding the write lock in the same thread results in a deadlock and a hung task, as reported by Alexander Stein.

AnalysisAI

Deadlock in the Linux kernel's ASoC fsl_xcvr audio driver causes a hung task and denial of service on NXP i.MX hardware. The defect was introduced by a prior patch (commit f51424872760) that erroneously added a read lock acquisition on controls_rwsem inside fsl_xcvr_mode_put(), unaware that the caller snd_ctl_elem_write() already holds the write lock on that same semaphore for the duration of the put operation. A local user with low privileges who triggers an ALSA control write on an affected system can induce an unresolvable deadlock. No public exploit exists and EPSS is 0.02%, reflecting very low real-world exploitation probability.

Technical ContextAI

The affected component is the fsl_xcvr ASoC (ALSA System on Chip) driver, which manages the NXP i.MX8 XCVR (audio transceiver) peripheral. The ALSA control subsystem serializes control element writes via snd_ctl_elem_write(), which acquires an exclusive write lock on card->controls_rwsem before invoking the driver's put callback. The faulty patch introduced a redundant read lock acquisition on the same controls_rwsem inside fsl_xcvr_mode_put(). Because Linux rwsem semantics do not allow a writer to re-acquire the same lock as a reader within the same thread, this results in a deadlock classified under CWE-667 (Improper Locking). The affected CPE is cpe:2.3:a:linux:linux on multiple stable branches. The 'Information Disclosure' tag in the source intelligence appears to be a misclassification; the CVSS vector confirms C:N (no confidentiality impact), and the actual impact is exclusively availability.

RemediationAI

The primary fix is to update the Linux kernel to one of the following patched stable versions: 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0. The fix reverts the erroneous locking commit f51424872760 across all affected stable branches; patches are available upstream at https://git.kernel.org/stable/c/ as linked in the CVE references. For systems that cannot be patched immediately and are running NXP i.MX8 hardware, a compensating control is to prevent local untrusted users from accessing ALSA control interfaces by restricting /dev/snd/* permissions or applying a seccomp/LSM policy that blocks the relevant ioctl calls (SNDRV_CTL_IOCTL_ELEM_WRITE). This mitigation trades off audio control functionality for local users and may disrupt legitimate audio applications. Unloading or blacklisting the snd_fsl_xcvr kernel module on systems where the XCVR peripheral is not in use is also an effective workaround with no functional side effects in that scenario.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Not-Affected

Share

EUVD-2026-34124 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy