CVE-2026-46049
Analyzed Analyzed - Analysis Complete
ALSA: S/PDIF Passthrough Infinite Loop in ctxfi Driver

Publication date: 2026-05-27

Last updated on: 2026-06-16

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdif_passthru_playback_get_resources() uses atc->pll_rate as the RSR for the MSR calculation loop. However, pll_rate is only updated in atc_pll_init() and not in hw_pll_init(), so it remains 0 after the card init. When spdif_passthru_playback_setup() skips atc_pll_init() for 32000 Hz, (rsr * desc.msr) always becomes 0, causing the loop to spin indefinitely. Add fallback to use atc->rsr when atc->pll_rate is 0. This reflects the hardware state, since hw_card_init() already configures the PLL to the default RSR.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-06-16
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-46049
EUVD
EUVD-2026-32431
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.86 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.175 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.209 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.27 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.4 (exc)
linux linux_kernel From 2.6.31 (inc) to 5.10.258 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's ALSA sound subsystem, specifically in the ctxfi component handling S/PDIF playback. The function spdif_passthru_playback_get_resources() uses a parameter called pll_rate for a calculation loop, but pll_rate is only updated in one initialization function (atc_pll_init()) and not in another (hw_pll_init()). As a result, pll_rate can remain zero after the sound card is initialized.

When the spdif_passthru_playback_setup() function skips the atc_pll_init() step for a 32000 Hz sample rate, the calculation involving pll_rate results in zero, causing an infinite loop in the code. The fix adds a fallback to use a different parameter (atc->rsr) when pll_rate is zero, which correctly reflects the hardware state and prevents the infinite loop.

Impact Analysis

This vulnerability can cause the affected Linux kernel system to enter an infinite loop during S/PDIF playback setup at a 32000 Hz sample rate. This could lead to a hang or freeze of the audio subsystem or potentially the entire system, resulting in denial of service or degraded system performance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46049. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart