slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock

Summary

CVECVE-2026-53331
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-07-01 14:16:40 UTC
Updated2026-07-01 14:16:40 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock During the SSR/PDR down notification the tx_lock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcom_slim_ngd_down() is invoked, which ends up in slim_report_absent(), which takes the slim_controller lock. In multiple other codepaths these two locks are taken in the opposite order (i.e. slim_controller then tx_lock). The result is a lockdep splat, and a possible deadlock: rprocctl/449 is trying to acquire lock: ffff00009793e620 (&ctrl->lock){+.+.}-{4:4}, at: slim_report_absent (drivers/slimbus/core.c:322) slimbus but task is already holding lock: ffff00009793fb50 (&ctrl->tx_lock){+.+.}-{4:4}, at: qcom_slim_ngd_ssr_pdr_notify (drivers/slimbus/qcom-ngd-ctrl.c:1475) slim_qcom_ngd_ctrl which lock already depends on the new lock. Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ctrl->tx_lock); lock(&ctrl->lock); lock(&ctrl->tx_lock); lock(&ctrl->lock); The assumption is that the comment refers to the desire to not call qcom_slim_ngd_exit_dma() while we have an ongoing DMA TX transaction. But any such transaction is initiated and completed within a single qcom_slim_ngd_xfer_msg(). Prior to calling qcom_slim_ngd_exit_dma() the slim_controller is torn down, all child devices are notified that the slimbus is gone and the child devices are removed. Stop taking the tx_lock in qcom_slim_ngd_ssr_pdr_notify() to avoid the deadlock.

Risk And Classification

EPSS: 0.001720000 probability, percentile 0.068810000 (date 2026-07-04)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 3d1561537237c6cc1db76155183d8bbdac2339f0 git Not specified
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 dc4d5c57e012c2c669793deb1515a57bbc6bf5dd git Not specified
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 d54a221b0f3cd9e1f03f18104be34e02a8258fae git Not specified
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 aad4337a21b9ad3ae8d668fa8678d05e26ecbaa8 git Not specified
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 9f0d45d509b434c54da10e01f4ef8086e4583401 git Not specified
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 9708eb50fd7343145b422be852f890212155d845 git Not specified
CNA Linux Linux affected a899d324863a3d15ce0eea513884e1b73a758c58 55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec git Not specified
CNA Linux Linux affected 5.11 Not specified
CNA Linux Linux unaffected 5.11 semver Not specified
CNA Linux Linux unaffected 5.15.210 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.176 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.143 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.94 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.36 6.18.* semver Not specified
CNA Linux Linux unaffected 7.0.13 7.0.* semver Not specified
CNA Linux Linux unaffected 7.1 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/9f0d45d509b434c54da10e01f4ef8086e4583401 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/3d1561537237c6cc1db76155183d8bbdac2339f0 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/dc4d5c57e012c2c669793deb1515a57bbc6bf5dd 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/9708eb50fd7343145b422be852f890212155d845 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/aad4337a21b9ad3ae8d668fa8678d05e26ecbaa8 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/55f2ea9ff83cc27a85526b14bc9b32f96a08d6ec 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/d54a221b0f3cd9e1f03f18104be34e02a8258fae 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report