Description
In the Linux kernel, the following vulnerability has been resolved:

ALSA: ctxfi: Add fallback to default RSR for S/PDIF

spdif_passthru_playback_get_resources() uses atc->pll_rate as the RSR
for the MSR calculation loop. However, pll_rate is only updated in
atc_pll_init() and not in hw_pll_init(), so it remains 0 after the
card init.

When spdif_passthru_playback_setup() skips atc_pll_init() for
32000 Hz, (rsr * desc.msr) always becomes 0, causing the loop to spin
indefinitely.

Add fallback to use atc->rsr when atc->pll_rate is 0. This reflects
the hardware state, since hw_card_init() already configures the PLL
to the default RSR.
Published: 2026-05-27
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ALSA ctxfi driver contains a logic error that causes an infinite loop during the setup of an S/PDIF passthrough stream at 32 kHz. Because the PLL rate is uninitialized, the MSR calculation collapses to zero and the loop never terminates, consuming CPU cycles until the thread is killed. The flaw does not provide any data exfiltration, privilege escalation, or remote code execution capability; its primary effect is a loss of audio subsystem availability and overall system responsiveness.
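The failure mode and the fallback can be reproduced in a small user-space model. This is an added example, not the kernel's code: the struct, the function names, the doubling loop shape, the 48000 Hz default RSR and the iteration guard are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical stand-in for the two driver fields the description names. */
struct atc_model {
    unsigned int rsr;      /* default RSR the PLL is configured to at card init */
    unsigned int pll_rate; /* updated only by atc_pll_init(); 0 until then */
};

#define MAX_ITER 64 /* guard added for this model; the described loop has none */

/* Assumed loop shape: double msr until rsr * msr covers the stream rate.
 * Returns the msr found, or 0 if the guard trips (the kernel would spin). */
static unsigned int msr_for_rate(unsigned int rsr, unsigned int rate)
{
    unsigned int msr = 1;

    for (int i = 0; i < MAX_ITER; i++) {
        if (rate <= rsr * msr)
            return msr;
        msr <<= 1; /* with rsr == 0 the product stays 0 whatever msr is */
    }
    return 0;
}

/* Before the fix: pll_rate is used as the RSR unconditionally. */
static unsigned int msr_before_fix(const struct atc_model *atc, unsigned int rate)
{
    return msr_for_rate(atc->pll_rate, rate);
}

/* After the fix: fall back to atc->rsr when pll_rate is still 0. */
static unsigned int msr_after_fix(const struct atc_model *atc, unsigned int rate)
{
    unsigned int rsr = atc->pll_rate ? atc->pll_rate : atc->rsr;

    return msr_for_rate(rsr, rate);
}

int main(void)
{
    /* Constructed state: card initialised, atc_pll_init() never called. */
    struct atc_model atc = { .rsr = 48000, .pll_rate = 0 };

    printf("before fix: msr=%u (0 means no termination)\n",
           msr_before_fix(&atc, 32000));
    printf("after fix:  msr=%u\n", msr_after_fix(&atc, 32000));
    return 0;
}
```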

Affected Systems

All Linux kernel builds that include the ALSA ctxfi driver are affected. The vendor list contains only Linux; no specific kernel versions are listed, so any kernel compiling this driver path remains vulnerable.

Risk and Exploitability

The vulnerability holds a CVSS score of 5.5, and no EPSS metric is available. It is not included in the CISA KEV catalog. The likely attack vector is a local user or application that initiates an S/PDIF passthrough playback at 32 kHz. The attack requires the ability to play audio to the affected hardware, which is typically available to any authenticated user with audio output permissions. Once triggered, the infinite loop consumes CPU until it is interrupted, resulting in a denial‑of‑service for the audio subsystem and potentially the broader system. Remote exploitation is not plausible based on the available data.

Generated by OpenCVE AI on May 28, 2026 at 04:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the patch from commits 09496158f6ebba8830593f8972035c02f97124c1 through 95b1ee8442cabbde83b2848e7c6100df90f3a00d
  • If a kernel upgrade is not immediately possible, disable S/PDIF passthrough functionality by unloading the ALSA ctxfi module or configuring the driver to avoid 32 kHz passthrough streams
  • Monitor system CPU usage and audio logs for signs of the infinite loop, applying the patch or workaround as soon as it becomes available



Advisories

No advisories yet.

History

Thu, 28 May 2026 03:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
CWE-718

Thu, 28 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1095
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 27 May 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
CWE-718

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdif_passthru_playback_get_resources() uses atc->pll_rate as the RSR for the MSR calculation loop. However, pll_rate is only updated in atc_pll_init() and not in hw_pll_init(), so it remains 0 after the card init. When spdif_passthru_playback_setup() skips atc_pll_init() for 32000 Hz, (rsr * desc.msr) always becomes 0, causing the loop to spin indefinitely. Add fallback to use atc->rsr when atc->pll_rate is 0. This reflects the hardware state, since hw_card_init() already configures the PLL to the default RSR.
Title ALSA: ctxfi: Add fallback to default RSR for S/PDIF
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-27T12:57:05.761Z

Reserved: 2026-05-13T15:03:33.094Z

Link: CVE-2026-46049

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-27T14:17:24.433

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-46049

Red Hat

Severity: Low

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-46049 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-28T04:30:06Z

Weaknesses