CVE-2026-46041
Linux Kernel Sleep in Atomic Context in Greybus

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames()

hdlc_append() calls usleep_range() to wait for circular buffer space, but it is called with tx_producer_lock (a spinlock) held via hdlc_tx_frames() -> hdlc_append_tx_frame()/hdlc_append_tx_u8()/etc. Sleeping while holding a spinlock is illegal and can trigger "BUG: scheduling while atomic".

Fix this by moving the buffer-space wait out of hdlc_append() and into hdlc_tx_frames(), before the spinlock is acquired.

The new flow:
1. Pre-calculate the worst-case encoded frame length.
2. Wait (with sleep) outside the lock until enough space is available, kicking the TX consumer work to drain the buffer.
3. Acquire the spinlock, re-verify space, and write the entire frame atomically.

This ensures that sleeping only happens without any lock held, and that frames are either fully enqueued or not written at all.

This bug is found by CodeQL static analysis tool (interprocedural sleep-in-atomic query) and my code review.
Meta Information
Published: 2026-05-27
Last Modified: 2026-06-16
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.27 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
CWE ID Description
CWE-UNKNOWN
Executive Summary

This vulnerability exists in the Linux kernel's greybus gb-beagleplay component, specifically in the hdlc_tx_frames() function. The issue arises because the function hdlc_append() calls usleep_range() to wait for space in a circular buffer while holding a spinlock (tx_producer_lock). Sleeping while holding a spinlock is illegal and can cause a kernel bug known as "scheduling while atomic."

The fix involves moving the sleep operation outside of the spinlock. The new process first calculates the worst-case frame length, then waits (sleeps) outside the lock until enough buffer space is available, and finally acquires the spinlock to write the frame atomically. This ensures that sleeping does not occur while holding a lock and that frames are either fully enqueued or not written at all.
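The three-step flow from the fix description, as a single-threaded userspace model. This is an added example, not the gb-beagleplay driver's code: the ring size, the `locked` flag standing in for tx_producer_lock, the flag-plus-escape framing without address, control or CRC bytes, and every function name are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

#define RING_SIZE 64   /* constructed size (power of two), not the driver's */
#define HDLC_FLAG 0x7E /* frame delimiter */
#define HDLC_ESC  0x7D /* escape byte */
struct tx_ring {
    uint8_t buf[RING_SIZE];
    unsigned head, tail; /* producer advances head, consumer advances tail */
    bool locked;         /* stands in for the tx_producer_lock spinlock */
};

static unsigned ring_space(const struct tx_ring *r) {
    return RING_SIZE - 1 - (r->head - r->tail) % RING_SIZE;
}
static void ring_put(struct tx_ring *r, uint8_t b) {
    r->buf[r->head] = b;
    r->head = (r->head + 1) % RING_SIZE;
}
/* Step 1: two flags plus a possible escape per byte; saturates so an
 * oversize frame can never appear to fit. */
static unsigned worst_case_len(unsigned len) {
    return len >= RING_SIZE ? RING_SIZE : 2 + 2 * len;
}
/* Step 2: may block, so it refuses to run under the lock. Advancing the
 * tail stands in for kicking the TX consumer work and sleeping. */
static bool tx_wait(struct tx_ring *r, unsigned need) {
    if (r->locked || need > RING_SIZE - 1) return false;
    while (ring_space(r) < need)
        r->tail = (r->tail + 1) % RING_SIZE;
    return true;
}
/* Step 3: take the lock, re-verify space, write the whole frame or nothing. */
static int tx_commit(struct tx_ring *r, const uint8_t *p, unsigned len) {
    r->locked = true;
    bool fits = ring_space(r) >= worst_case_len(len);
    if (fits) {
        ring_put(r, HDLC_FLAG);
        for (unsigned i = 0; i < len; i++) {
            bool esc = p[i] == HDLC_FLAG || p[i] == HDLC_ESC;
            if (esc) ring_put(r, HDLC_ESC);
            ring_put(r, esc ? p[i] ^ 0x20 : p[i]);
        }
        ring_put(r, HDLC_FLAG);
    }
    r->locked = false;
    return fits ? 0 : -1;
}
static int model_tx_frame(struct tx_ring *r, const uint8_t *p, unsigned len) {
    return tx_wait(r, worst_case_len(len)) ? tx_commit(r, p, len) : -1;
}
```

The re-check inside `tx_commit` is what keeps a frame from being partially written if another producer consumed the space between the wait and the lock.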

Impact Analysis

This vulnerability can cause the Linux kernel to encounter a critical error known as "BUG: scheduling while atomic," which may lead to system instability or crashes. Since the bug involves improper sleeping while holding a spinlock, it can disrupt normal kernel scheduling and potentially affect the reliability and performance of systems using the affected greybus gb-beagleplay component.

Detection Guidance

This vulnerability is related to improper sleeping in atomic context within the Linux kernel's greybus gb-beagleplay driver, specifically in the hdlc_tx_frames() function. It is detected by static code analysis tools such as CodeQL using the interprocedural sleep-in-atomic query.

There are no specific network or system commands provided to detect this vulnerability dynamically or at runtime.

Mitigation Strategies

The vulnerability has been fixed by modifying the code to move the sleep operation outside of the spinlock context, ensuring that sleeping only happens without any lock held.

Immediate mitigation steps would involve updating the Linux kernel to a version that includes this fix for the greybus gb-beagleplay driver.
