Description
In the Linux kernel, the following vulnerability has been resolved:

ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()

This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()").

The original patch attempted to acquire the card->controls_rwsem lock in
fsl_xcvr_mode_put(). However, this function is called from the upper ALSA
core function snd_ctl_elem_write(), which already holds the write lock on
controls_rwsem for the whole put operation. So there is no need to simply
hold the lock for fsl_xcvr_activate_ctl() again.

Acquiring the read lock while holding the write lock in the same thread
results in a deadlock and a hung task, as reported by Alexander Stein.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is the result of reverting a prior fix that added necessary locking in the ALSA ASoC fsl_xcvr driver. The revert re‑introduces a scenario in which fsl_xcvr_mode_put() attempts to acquire the same read lock while already holding the write lock, causing a deadlock that can freeze kernel threads and expose the system to a denial‑of‑service condition within the audio subsystem. This is a classic example of CWE‑667 synchronization error, where a thread holds a write lock and then attempts to acquire a read lock, leading to a deadlock. It may also involve incorrect usage patterns that relate to CWE‑833.

Affected Systems

Affected systems include Linux kernels 5.15.201, 6.1.164, 6.12.74, 6.18.13, 6.19, and 6.6.127, all of which contain the reverted commit that removed locking from fsl_xcvr_mode_put().

Risk and Exploitability

The flaw can be triggered by a local user who can write to ALSA control elements, driving the vulnerable code path in fsl_xcvr_mode_put(). The vulnerability manifests as a deadlock and a hung task in kernel space, causing a denial‑of‑service to the audio subsystem. The CVSS score of 5.5 indicates a moderate severity, and the EPSS score of 0.00032 (less than 1%) shows a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been actively exploited. The affected kernel releases include 5.15.201, 6.1.164, 6.12.74, 6.18.13, 6.19, and 6.6.127, which all contain the reversed commit that removed the lock.

Generated by OpenCVE AI on June 9, 2026 at 23:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a build that excludes the revert commit or includes the original locking fix.
  • If an upgrade is not immediately possible, revert the commit that removed the lock to restore the original synchronization logic.
  • As an alternative, create a custom patch that reinserts the missing lock acquisition in fsl_xcvr_mode_put() and apply it to the running kernel.
  • Monitor the system for audio subsystem hangs and consider disabling ALSA controls that trigger fsl_xcvr_activate_ctl() until a permanent fix is in place.



Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667
CPEs cpe:2.3:o:linux:linux_kernel:5.15.201:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.1.164:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.12.74:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.18.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.19:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.6.127:*:*:*:*:*:*:*

Thu, 04 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 04 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-833
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 03 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()"). The original patch attempted to acquire the card->controls_rwsem lock in fsl_xcvr_mode_put(). However, this function is called from the upper ALSA core function snd_ctl_elem_write(), which already holds the write lock on controls_rwsem for the whole put operation. So there is no need to simply hold the lock for fsl_xcvr_activate_ctl() again. Acquiring the read lock while holding the write lock in the same thread results in a deadlock and a hung task, as reported by Alexander Stein.
Title ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:59.980Z

Reserved: 2026-05-13T15:03:33.108Z

Link: CVE-2026-46262

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-06-03T18:16:27.513

Modified: 2026-06-09T19:59:58.960

Link: CVE-2026-46262

Redhat

Severity : Low

Public Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46262 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T23:15:16Z

Weaknesses