CVE-2026-23115
Unknown Unknown - Not Provided
Race Condition in Linux Kernel Serial Driver Causes Kernel Crash

Publication date: 2026-02-14

Last updated on: 2026-03-18

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial: remove redundant tty_port_link_device()") because the tty_port_link_device() is not redundant: the tty->port has to be confured before we call uart_configure_port(), otherwise user-space can open console without TTY linked to the driver. This tty_port_link_device() was added explicitly to avoid this exact issue in commit fb2b90014d78 ("tty: link tty and port before configuring it as console"), so offending commit basically reverted the fix saying it is redundant without addressing the actual race condition presented there. Reproducible always as tty->port warning on Qualcomm SoC with most of devices disabled, so with very fast boot, and one serial device being the console: printk: legacy console [ttyMSM0] enabled printk: legacy console [ttyMSM0] enabled printk: legacy bootconsole [qcom_geni0] disabled printk: legacy bootconsole [qcom_geni0] disabled ------------[ cut here ]------------ tty_init_dev: ttyMSM driver does not set tty->port. This would crash the kernel. Fix the driver! WARNING: drivers/tty/tty_io.c:1414 at tty_init_dev.part.0+0x228/0x25c, CPU#2: systemd/1 Modules linked in: socinfo tcsrcc_eliza gcc_eliza sm3_ce fuse ipv6 CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.19.0-rc4-next-20260108-00024-g2202f4d30aa8 #73 PREEMPT Tainted: [S]=CPU_OUT_OF_SPEC Hardware name: Qualcomm Technologies, Inc. Eliza (DT) ... tty_init_dev.part.0 (drivers/tty/tty_io.c:1414 (discriminator 11)) (P) tty_open (arch/arm64/include/asm/atomic_ll_sc.h:95 (discriminator 3) drivers/tty/tty_io.c:2073 (discriminator 3) drivers/tty/tty_io.c:2120 (discriminator 3)) chrdev_open (fs/char_dev.c:411) do_dentry_open (fs/open.c:962) vfs_open (fs/open.c:1094) do_open (fs/namei.c:4634) path_openat (fs/namei.c:4793) do_filp_open (fs/namei.c:4820) do_sys_openat2 (fs/open.c:1391 (discriminator 3)) ... Starting Network Name Resolution... Apparently the flow with this small Yocto-based ramdisk user-space is: driver (qcom_geni_serial.c): user-space: ============================ =========== qcom_geni_serial_probe() uart_add_one_port() serial_core_register_port() serial_core_add_one_port() uart_configure_port() register_console() | | open console | ... | tty_init_dev() | driver->ports[idx] is NULL | tty_port_register_device_attr_serdev() tty_port_link_device() <- set driver->ports[idx]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-14
Last Modified
2026-03-18
Generated
2026-05-27
AI Q&A
2026-02-14
EPSS Evaluated
2026-05-25
NVD
CVE-2026-23115
EUVD
EUVD-2026-6029
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel 6.19
linux linux_kernel From 6.15 (inc) to 6.18.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a race condition in the Linux kernel's serial driver related to the tty->port configuration. A commit that removed the call to tty_port_link_device() was reverted because that call is necessary to link the tty port before configuring it with uart_configure_port(). Without this link, user-space can open the console without the TTY being properly linked to the driver, which can cause kernel warnings and potentially crashes.

The issue occurs because the tty->port is not set before uart_configure_port() is called, leading to a race condition. This was reproducible on Qualcomm SoCs with fast boot and certain serial devices used as consoles, causing kernel warnings and instability.


How can this vulnerability impact me? :

This vulnerability can cause kernel warnings and potentially crash the kernel due to the tty->port not being set correctly before the console is opened. This can lead to system instability, especially on devices using Qualcomm SoCs with fast boot sequences and serial devices as consoles.

If exploited or triggered, it could disrupt normal system operation, causing unexpected reboots or failures in the console interface, which may impact system reliability and availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by observing kernel warning messages related to the tty port race condition. Specifically, look for messages like "tty_init_dev: ttyMSM driver does not set tty->port. This would crash the kernel. Fix the driver!" in the kernel logs.

To detect this on your system, you can check the kernel log for these warnings using commands such as:

  • dmesg | grep 'tty_init_dev'
  • journalctl -k | grep 'tty_init_dev'
  • grep 'tty_init_dev' /var/log/kern.log

These commands will help identify if the race condition warning is present, indicating the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to ensure that the tty->port is properly set before calling uart_configure_port(). This involves reverting any commits that removed the necessary tty_port_link_device() call, as this function links the tty and port to avoid the race condition.

In practice, this means applying the fix that reverts the offending commit bfc467db60b7 and restores the call to tty_port_link_device() in the serial driver code.

Additionally, monitor kernel logs for the warning message and avoid using affected serial drivers or devices until the fix is applied.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart