Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-43061— serial: 8250: Fix TX deadlock when using DMA

AI Predicted 5.3 Difficulty: Moderate EPSS 0.09% · P1

Possible ATT&CK Techniques 1AI

T1059 · Command and Scripting Interpreter

Affected Version Matrix 27

VendorProductVersion RangeStatus
LinuxLinux7c47e637dfadfbc691dd297b91d81ef939ca2080< 8190f9ab6ad90cb97652adbebd238b874a4ef70daffected
bf3f395b9c37956eca866c9e1679769ed7dcce68< 79a19bd936bb35f56ef0ccab1b3b59ebce8c762daffected
d470522c597b73e63cca04f3012aec28185113b7< f76d91271bcacbd759a2e4ee3ea61faa6a727ccfaffected
5e00346deb7bf40a4cf70e3716ac8e9a2409eb55< d2719a0a9c3439abf67843a5504b7afccd9ded93affected
c8a52c772c7c6de72257a435bcad03d3bb914a70< 2a72403b985aea6b4aac3171830492f9a387f9e1affected
9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583< 5f6b17562f03fc65c7d3474ef8f1959b19d1ca41affected
9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583< b5ad887339503103d0fbe9827b16ad287597c275affected
9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583< a424a34b8faddf97b5af41689087e7a230f79ba7affected
… +19 more rows
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43061

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
serial: 8250: Fix TX deadlock when using DMA
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA `dmaengine_terminate_async` does not guarantee that the `__dma_tx_complete` callback will run. The callback is currently the only place where `dma->tx_running` gets cleared. If the transaction is canceled and the callback never runs, then `dma->tx_running` will never get cleared and we will never schedule new TX DMA transactions again. This change makes it so we clear `dma->tx_running` after we terminate the DMA transaction. This is "safe" because `serial8250_tx_dma_flush` is holding the UART port lock. The first thing the callback does is also grab the UART port lock, so access to `dma->tx_running` is serialized.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于8250串口DMA传输取消时未清除tx_running标志,可能导致TX DMA事务无法再次调度。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
LinuxLinux 7c47e637dfadfbc691dd297b91d81ef939ca2080 ~ 8190f9ab6ad90cb97652adbebd238b874a4ef70d -
LinuxLinux 6.14 -

II. Public POCs for CVE-2026-43061

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-43061

登录查看更多情报信息。

Patches & Fixes for CVE-2026-43061 (8)

Same Patch Batch · Linux · 2026-05-05 · 15 CVEs total

CVE-2026-430679.8 CRITICALext4: handle wraparound when searching for blocks for indirect mapped blocks
CVE-2026-430719.1 CRITICALdcache: Limit the minimal number of bucket to two
CVE-2026-430707.8 HIGHbpf: Reset register ID for BPF_END value tracking
CVE-2026-430637.8 HIGHxfs: don't irele after failing to iget in xfs_attri_recover_work
CVE-2026-430607.8 HIGHnetfilter: nft_ct: drop pending enqueued packets on removal
CVE-2026-430627.1 HIGHBluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
CVE-2026-43073x86-64: rename misleadingly named '__copy_user_nocache()' function
CVE-2026-43072drm/vc4: platform_get_irq_byname() returns an int
CVE-2026-43069Bluetooth: hci_ll: Fix firmware leak on error path
CVE-2026-43068ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()
CVE-2026-43066ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths
CVE-2026-43065ext4: always drain queued discard work in ext4_mb_release()
CVE-2026-43064dmaengine: idxd: Fix not releasing workqueue on .release()
CVE-2026-43059Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers

IV. Related Vulnerabilities

V. Comments for CVE-2026-43061

No comments yet


Leave a comment