serial: 8250: Fix TX deadlock when using DMA

Summary

CVE	CVE-2026-43061
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-05-05 16:16:15 UTC
Updated	2026-05-06 13:08:07 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA `dmaengine_terminate_async` does not guarantee that the `__dma_tx_complete` callback will run. The callback is currently the only place where `dma->tx_running` gets cleared. If the transaction is canceled and the callback never runs, then `dma->tx_running` will never get cleared and we will never schedule new TX DMA transactions again. This change makes it so we clear `dma->tx_running` after we terminate the DMA transaction. This is "safe" because `serial8250_tx_dma_flush` is holding the UART port lock. The first thing the callback does is also grab the UART port lock, so access to `dma->tx_running` is serialized.

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected 7c47e637dfadfbc691dd297b91d81ef939ca2080 8190f9ab6ad90cb97652adbebd238b874a4ef70d git	Not specified
CNA	Linux	Linux	affected bf3f395b9c37956eca866c9e1679769ed7dcce68 79a19bd936bb35f56ef0ccab1b3b59ebce8c762d git	Not specified
CNA	Linux	Linux	affected d470522c597b73e63cca04f3012aec28185113b7 f76d91271bcacbd759a2e4ee3ea61faa6a727ccf git	Not specified
CNA	Linux	Linux	affected 5e00346deb7bf40a4cf70e3716ac8e9a2409eb55 d2719a0a9c3439abf67843a5504b7afccd9ded93 git	Not specified
CNA	Linux	Linux	affected c8a52c772c7c6de72257a435bcad03d3bb914a70 2a72403b985aea6b4aac3171830492f9a387f9e1 git	Not specified
CNA	Linux	Linux	affected 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 5f6b17562f03fc65c7d3474ef8f1959b19d1ca41 git	Not specified
CNA	Linux	Linux	affected 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 b5ad887339503103d0fbe9827b16ad287597c275 git	Not specified
CNA	Linux	Linux	affected 9e512eaaf8f4008c44ede3dfc0fbc9d9c5118583 a424a34b8faddf97b5af41689087e7a230f79ba7 git	Not specified
CNA	Linux	Linux	affected bbec5998d7bd349730f59c959a8b00cfff816e34 git	Not specified
CNA	Linux	Linux	affected 59f751db7f392fa7a58cbd972205982f7f4f5854 git	Not specified
CNA	Linux	Linux	affected 6.14	Not specified
CNA	Linux	Linux	unaffected 6.14 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.253 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.203 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.167 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.130 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.78 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.20 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 6.19.10 6.19.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/79a19bd936bb35f56ef0ccab1b3b59ebce8c762d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/b5ad887339503103d0fbe9827b16ad287597c275	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/a424a34b8faddf97b5af41689087e7a230f79ba7	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/d2719a0a9c3439abf67843a5504b7afccd9ded93	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/2a72403b985aea6b4aac3171830492f9a387f9e1	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/8190f9ab6ad90cb97652adbebd238b874a4ef70d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/f76d91271bcacbd759a2e4ee3ea61faa6a727ccf	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/5f6b17562f03fc65c7d3474ef8f1959b19d1ca41	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.