CVE-2026-46262
Analyzed Analyzed - Analysis Complete
Reverted Lock Fix in Linux Kernel ASoC fsl_xcvr

Publication date: 2026-06-03

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()"). The original patch attempted to acquire the card->controls_rwsem lock in fsl_xcvr_mode_put(). However, this function is called from the upper ALSA core function snd_ctl_elem_write(), which already holds the write lock on controls_rwsem for the whole put operation. So there is no need to simply hold the lock for fsl_xcvr_activate_ctl() again. Acquiring the read lock while holding the write lock in the same thread results in a deadlock and a hung task, as reported by Alexander Stein.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-09
Generated
2026-06-12
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-11
NVD
CVE-2026-46262
EUVD
EUVD-2026-34124
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 6.19
linux linux_kernel From 6.19.1 (inc) to 6.19.4 (exc)
linux linux_kernel 5.15.201
linux linux_kernel 6.1.164
linux linux_kernel 6.12.74
linux linux_kernel 6.18.13
linux linux_kernel 6.6.127
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves a deadlock issue in the Linux kernel's ASoC fsl_xcvr driver. A previous fix attempted to acquire a read lock on a resource (card->controls_rwsem) inside the function fsl_xcvr_mode_put(), but this function is already called while holding a write lock on the same resource. Acquiring a read lock while holding a write lock in the same thread causes a deadlock, leading to a hung task.

Impact Analysis

The vulnerability can cause the system to hang or become unresponsive due to a deadlock situation in the kernel. This can affect system stability and availability, potentially disrupting audio-related functionality managed by the ALSA core and the fsl_xcvr driver.

Mitigation Strategies

The vulnerability involves a deadlock caused by acquiring a read lock while already holding a write lock in the same thread within the Linux kernel's ASoC fsl_xcvr driver.

To mitigate this vulnerability, ensure that your Linux kernel includes the fix that reverts the problematic commit f51424872760, which removes the unnecessary lock acquisition in fsl_xcvr_mode_put().

Updating your Linux kernel to a version released after 2026-06-03 that contains this revert patch is the recommended immediate step.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46262. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart