Home

Description

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA `dmaengine_terminate_async` does not guarantee that the `__dma_tx_complete` callback will run. The callback is currently the only place where `dma->tx_running` gets cleared. If the transaction is canceled and the callback never runs, then `dma->tx_running` will never get cleared and we will never schedule new TX DMA transactions again. This change makes it so we clear `dma->tx_running` after we terminate the DMA transaction. This is "safe" because `serial8250_tx_dma_flush` is holding the UART port lock. The first thing the callback does is also grab the UART port lock, so access to `dma->tx_running` is serialized.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-05 | Updated 2026-05-05 | Assigner Linux

Product status

Default status
unaffected

7c47e637dfadfbc691dd297b91d81ef939ca2080 (git) before 8190f9ab6ad90cb97652adbebd238b874a4ef70d
affected

bf3f395b9c37956eca866c9e1679769ed7dcce68 (git) before 79a19bd936bb35f56ef0ccab1b3b59ebce8c762d
affected

d470522c597b73e63cca04f3012aec28185113b7 (git) before f76d91271bcacbd759a2e4ee3ea61faa6a727ccf
affected

5e00346deb7bf40a4cf70e3716ac8e9a2409eb55 (git) before d2719a0a9c3439abf67843a5504b7afccd9ded93
affected

c8a52c772c7c6de72257a435bcad03d3bb914a70 (git) before 2a72403b985aea6b4aac3171830492f9a387f9e1
affected

9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 (git) before 5f6b17562f03fc65c7d3474ef8f1959b19d1ca41
affected

9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 (git) before b5ad887339503103d0fbe9827b16ad287597c275
affected

9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 (git) before a424a34b8faddf97b5af41689087e7a230f79ba7
affected

bbec5998d7bd349730f59c959a8b00cfff816e34 (git)
affected

59f751db7f392fa7a58cbd972205982f7f4f5854 (git)
affected

Default status
affected

6.14
affected

Any version before 6.14
unaffected

5.10.253 (semver)
unaffected

5.15.203 (semver)
unaffected

6.1.167 (semver)
unaffected

6.6.130 (semver)
unaffected

6.12.78 (semver)
unaffected

6.18.20 (semver)
unaffected

6.19.10 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/8190f9ab6ad90cb97652adbebd238b874a4ef70d

git.kernel.org/...c/79a19bd936bb35f56ef0ccab1b3b59ebce8c762d

git.kernel.org/...c/f76d91271bcacbd759a2e4ee3ea61faa6a727ccf

git.kernel.org/...c/d2719a0a9c3439abf67843a5504b7afccd9ded93

git.kernel.org/...c/2a72403b985aea6b4aac3171830492f9a387f9e1

git.kernel.org/...c/5f6b17562f03fc65c7d3474ef8f1959b19d1ca41

git.kernel.org/...c/b5ad887339503103d0fbe9827b16ad287597c275

git.kernel.org/...c/a424a34b8faddf97b5af41689087e7a230f79ba7

cve.org (CVE-2026-43061)

nvd.nist.gov (CVE-2026-43061)

Download JSON