CVE-2026-43204 - Vulnerability Details

- ASoC: qcom: q6asm: drop DSP responses for closed data streams

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: q6asm: drop DSP responses for closed data streams

'Commit a354f030dbce ("ASoC: qcom: q6asm: handle the responses
after closing")' attempted to ignore DSP responses arriving
after a stream had been closed.

However, those responses were still handled, causing lockups.

Fix this by unconditionally dropping all DSP responses associated with
closed data streams.

Published: 2026-05-06

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel ASoC Qualcomm q6asm driver, a flaw caused DSP responses to be processed even after an audio stream had been closed, resulting in kernel lockups. The driver failed to discard pending responses, leading to a state where the kernel waits indefinitely for an event that never arrives. This weakness is a classic example of a failure to check internal state before handling asynchronous responses. The consequence is a denial of service that removes normal operation until the system is rebooted.

Affected Systems

The vulnerability impacts the Linux kernel’s qcom q6asm (ASoC) audio driver. No specific release numbers are listed, so any kernel version that includes the driver and predates the commit that unconditionally drops DSP responses may be affected.

Risk and Exploitability

CVSS score of 5.5, EPSS score < 1%, and no KEV listing are supplied. The main impact is a disruptive lockup that can be triggered by closing an audio stream and allowing residual DSP responses to be processed. Based on the description, it is inferred that the attack can be carried out from a local or privileged context by manipulating stream state. The EPSS score of < 1% indicates a very low exploitation probability, but the moderate severity denial of service nature makes the risk high for systems where an attacker can influence audio stream handling.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`68fd8480bb7baaf361e983f75d8571f25e017c67`	affected	< 3249251eac6081d5169ba09f2d9cca66ab0cab0d
`68fd8480bb7baaf361e983f75d8571f25e017c67`	affected	< 8a066a81ee0c1b6cdbd81393536c3b2d19ccef25

Linux

affected

Version	Status	Constraints
`4.18`	affected	—
`0`	unaffected	< 4.18
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,3249251eac6081d5169ba09f2d9cca66ab0cab0d)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,8a066a81ee0c1b6cdbd81393536c3b2d19ccef25)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the kernel to include commit a354f030dbce, which unconditionally discards DSP responses once a stream is closed.
If an immediate kernel upgrade is not possible, disable or unload the q6asm audio DSP driver via module removal or kernel configuration to prevent the lockup from occurring.
Implement monitoring to detect kernel lockups and trigger automated reboots, thereby restoring service after an attack or accidental trigger.

Generated by OpenCVE AI on May 11, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3249251eac6081d5169ba09f2d9cca66ab0cab0d
https://git.kernel.org/stable/c/8a066a81ee0c1b6cdbd81393536c3b2d19ccef25
https://lore.kernel.org/linux-cve-announce/2026050647-CVE-2026-43204-f1b7@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43204
https://www.cve.org/CVERecord?id=CVE-2026-43204

History

Mon, 11 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo

Thu, 07 May 2026 04:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-665

Thu, 07 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-390
References		https://lore.kernel.org/linux-cve-announce/2026050647-CVE-2026-43204-f1b7@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43204 https://www.cve.org/CVERecord?id=CVE-2026-43204
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 06 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-665

Wed, 06 May 2026 12:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6asm: drop DSP responses for closed data streams 'Commit a354f030dbce ("ASoC: qcom: q6asm: handle the responses after closing")' attempted to ignore DSP responses arriving after a stream had been closed. However, those responses were still handled, causing lockups. Fix this by unconditionally dropping all DSP responses associated with closed data streams.
Title		ASoC: qcom: q6asm: drop DSP responses for closed data streams
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3249251eac6081d5169ba09f2d9cca66ab0cab0d https://git.kernel.org/stable/c/8a066a81ee0c1b6cdbd81393536c3b2d19ccef25

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T11:28:09.617Z

Updated: 2026-05-11T22:19:59.847Z

Reserved: 2026-05-01T14:12:55.992Z

Link: CVE-2026-43204

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-06T12:16:39.623

Modified: 2026-05-11T20:06:22.667

Link: CVE-2026-43204

Redhat

Severity : Moderate

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43204 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-11T23:30:02Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object