CVE-2026-43061 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

serial: 8250: Fix TX deadlock when using DMA

`dmaengine_terminate_async` does not guarantee that the
`__dma_tx_complete` callback will run. The callback is currently the
only place where `dma->tx_running` gets cleared. If the transaction is
canceled and the callback never runs, then `dma->tx_running` will never
get cleared and we will never schedule new TX DMA transactions again.

This change makes it so we clear `dma->tx_running` after we terminate
the DMA transaction. This is "safe" because `serial8250_tx_dma_flush`
is holding the UART port lock. The first thing the callback does is also
grab the UART port lock, so access to `dma->tx_running` is serialized.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`7c47e637dfadfbc691dd297b91d81ef939ca2080`	affected	< 8190f9ab6ad90cb97652adbebd238b874a4ef70d
`bf3f395b9c37956eca866c9e1679769ed7dcce68`	affected	< 79a19bd936bb35f56ef0ccab1b3b59ebce8c762d
`d470522c597b73e63cca04f3012aec28185113b7`	affected	< f76d91271bcacbd759a2e4ee3ea61faa6a727ccf
`5e00346deb7bf40a4cf70e3716ac8e9a2409eb55`	affected	< d2719a0a9c3439abf67843a5504b7afccd9ded93
`c8a52c772c7c6de72257a435bcad03d3bb914a70`	affected	< 2a72403b985aea6b4aac3171830492f9a387f9e1
`9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583`	affected	< 5f6b17562f03fc65c7d3474ef8f1959b19d1ca41
`9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583`	affected	< b5ad887339503103d0fbe9827b16ad287597c275
`9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583`	affected	< a424a34b8faddf97b5af41689087e7a230f79ba7
`bbec5998d7bd349730f59c959a8b00cfff816e34`	affected	—
`59f751db7f392fa7a58cbd972205982f7f4f5854`	affected	—

Linux

affected

Version	Status	Constraints
`6.14`	affected	—
`0`	unaffected	< 6.14
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.78`	unaffected	≤ 6.12.*
`6.18.20`	unaffected	≤ 6.18.*
`6.19.10`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Project Subscriptions

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/2a72403b985aea6b4aac3171830492f9a387f9e1
https://git.kernel.org/stable/c/5f6b17562f03fc65c7d3474ef8f1959b19d1ca41
https://git.kernel.org/stable/c/79a19bd936bb35f56ef0ccab1b3b59ebce8c762d
https://git.kernel.org/stable/c/8190f9ab6ad90cb97652adbebd238b874a4ef70d
https://git.kernel.org/stable/c/a424a34b8faddf97b5af41689087e7a230f79ba7
https://git.kernel.org/stable/c/b5ad887339503103d0fbe9827b16ad287597c275
https://git.kernel.org/stable/c/d2719a0a9c3439abf67843a5504b7afccd9ded93
https://git.kernel.org/stable/c/f76d91271bcacbd759a2e4ee3ea61faa6a727ccf

History

Tue, 05 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-668

Tue, 05 May 2026 16:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA `dmaengine_terminate_async` does not guarantee that the `__dma_tx_complete` callback will run. The callback is currently the only place where `dma->tx_running` gets cleared. If the transaction is canceled and the callback never runs, then `dma->tx_running` will never get cleared and we will never schedule new TX DMA transactions again. This change makes it so we clear `dma->tx_running` after we terminate the DMA transaction. This is "safe" because `serial8250_tx_dma_flush` is holding the UART port lock. The first thing the callback does is also grab the UART port lock, so access to `dma->tx_running` is serialized.
Title		serial: 8250: Fix TX deadlock when using DMA
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2a72403b985aea6b4aac3171830492f9a387f9e1 https://git.kernel.org/stable/c/5f6b17562f03fc65c7d3474ef8f1959b19d1ca41 https://git.kernel.org/stable/c/79a19bd936bb35f56ef0ccab1b3b59ebce8c762d https://git.kernel.org/stable/c/8190f9ab6ad90cb97652adbebd238b874a4ef70d https://git.kernel.org/stable/c/a424a34b8faddf97b5af41689087e7a230f79ba7 https://git.kernel.org/stable/c/b5ad887339503103d0fbe9827b16ad287597c275 https://git.kernel.org/stable/c/d2719a0a9c3439abf67843a5504b7afccd9ded93 https://git.kernel.org/stable/c/f76d91271bcacbd759a2e4ee3ea61faa6a727ccf

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-05T15:17:27.079Z

Updated: 2026-05-05T15:17:27.079Z

Reserved: 2026-05-01T14:12:55.981Z

Link: CVE-2026-43061

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-05T16:16:15.210

Modified: 2026-05-05T16:16:15.210

Link: CVE-2026-43061

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T18:00:13Z

Weaknesses

CWE-668

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object