CVE-2026-23472
Published: Apr 3, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN uart_write_room() and uart_write() behave inconsistently when xmit_buf is NULL (which happens for PORT_UNKNOWN ports that were never properly initialized): - uart_write_room() returns kfifo_avail() which can be > 0 - uart_write() checks xmit_buf and returns 0 if NULL This inconsistency causes an infinite loop in drivers that rely on tty_write_room() to determine if they can write: while (tty_write_room(tty) > 0) { written = tty->ops->write(...); // written is always 0, loop never exits } For example, caif_serial's handle_tx() enters an infinite loop when used with PORT_UNKNOWN serial ports, causing system hangs. Fix by making uart_write_room() also check xmit_buf and return 0 if it's NULL, consistent with uart_write(). Reproducer: https://gist.github.com/mrpre/d9a694cc0e19828ee3bc3b37983fde13
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < efe85a557186b7fe915572ae93a8f3f78bfd9a22affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < bc70f2b36cf474d5cc8ecbcaf57f3e326fdec67caffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 455ce986fa356ff43a43c0d363ba95fa152f21d5 |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 6.18.20 - <= 6.18.*unaffected 6.19.10 - <= 6.19.*unaffected 7.0 - <= * |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now