CVE-2026-23472

EPSS 0.02%
Veröffentlicht 03.04.2026 15:15:51
Zuletzt bearbeitet 07.04.2026 13:20:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN

In the Linux kernel, the following vulnerability has been resolved:

serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN

uart_write_room() and uart_write() behave inconsistently when
xmit_buf is NULL (which happens for PORT_UNKNOWN ports that were
never properly initialized):

- uart_write_room() returns kfifo_avail() which can be > 0
- uart_write() checks xmit_buf and returns 0 if NULL

This inconsistency causes an infinite loop in drivers that rely on
tty_write_room() to determine if they can write:

  while (tty_write_room(tty) > 0) {
      written = tty->ops->write(...);
      // written is always 0, loop never exits
  }

For example, caif_serial's handle_tx() enters an infinite loop when
used with PORT_UNKNOWN serial ports, causing system hangs.

Fix by making uart_write_room() also check xmit_buf and return 0 if
it's NULL, consistent with uart_write().

Reproducer: https://gist.github.com/mrpre/d9a694cc0e19828ee3bc3b37983fde13

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 6

CNA 2 VulnDex Vulnerability Enrichment 13

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < efe85a557186b7fe915572ae93a8f3f78bfd9a22

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < bc70f2b36cf474d5cc8ecbcaf57f3e326fdec67c

Status affected

Version 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Version < 455ce986fa356ff43a43c0d363ba95fa152f21d5

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 2.6.12

Status affected

Version 0

Version < 2.6.12

Status unaffected

Version <= 6.18.*

Version 6.18.20

Status unaffected

Version <= 6.19.*

Version 6.19.10

Status unaffected

Version <= *

Version 7.0

Status unaffected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.066

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/efe85a557186b7fe915572ae93a8f3f78bfd9a22

https://git.kernel.org/stable/c/bc70f2b36cf474d5cc8ecbcaf57f3e326fdec67c

https://git.kernel.org/stable/c/455ce986fa356ff43a43c0d363ba95fa152f21d5

https://nvd.nist.gov/vuln/detail/CVE-2026-23472

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23472

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23472

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23472