PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-43061 Linux CVE debrief

A DMA TX deadlock vulnerability in the Linux kernel's 8250 serial driver can cause permanent loss of serial transmit functionality. When `dmaengine_terminate_async` cancels a DMA transaction without invoking the `__dma_tx_complete` callback, the `dma->tx_running` flag is never cleared. This prevents scheduling of new TX DMA transactions, effectively halting serial output. The fix clears `dma->tx_running` immediately after terminating the DMA transaction while holding the UART port lock, ensuring serialized access with the callback.

Vendor
Linux
Product
Unknown
CVSS
MEDIUM 5.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-05
Original CVE updated
2026-05-29
Advisory published
2026-05-05
Advisory updated
2026-05-29

Who should care

Organizations running Linux systems with 8250 UART-based serial ports utilizing DMA, particularly embedded systems, industrial controllers, and telecommunications equipment relying on serial communication.

Technical summary

The 8250 serial driver's DMA TX path in the Linux kernel contains a deadlock condition. The `dma->tx_running` flag, which controls whether new TX DMA transactions can be scheduled, is normally cleared in the `__dma_tx_complete` callback. However, `dmaengine_terminate_async` does not guarantee callback invocation upon transaction cancellation. If the callback is skipped, `dma->tx_running` remains set indefinitely, causing a permanent TX stall. The resolution moves the flag clearing to `serial8250_tx_dma_flush` immediately after `dmaengine_terminate_async`, with the UART port lock ensuring mutual exclusion with the callback.

Defensive priority

medium

Recommended defensive actions

  • Apply the appropriate stable kernel patch for your branch (5.4.291+, 5.10.235+, 5.15.179+, 6.1.129+, 6.6.79+, 6.12.16+, 6.13.4+, 6.14.1+, 6.19, or 7.0-rc series).
  • Upgrade to a fixed kernel version: 5.5 or later for 5.4.x branch, 5.10.253 or later for 5.10.x branch, 5.15.203 or later for 5.15.x branch, 6.1.167 or later for 6.1.x branch, 6.6.130 or later for 6.6.x branch, 6.12.78 or
  • 6.14 or later for 6.13.x branch, 6.18.20 or later for 6.14.x branch, 6.19.10 or later for 6.19 branch, or 7.0-rc8 or later for 7.0-rc series.
  • If running systems with 8250 UART DMA-enabled serial ports and cannot immediately patch, monitor for serial TX stalls and consider disabling DMA for affected serial ports as a temporary workaround.
  • Verify kernel version and confirm patch application through distribution security advisories.

Evidence notes

The vulnerability description is sourced from the official CVE record and NVD entry published 2026-05-05 and modified 2026-05-29. The fix involves clearing `dma->tx_running` in `serial8250_tx_dma_flush` after `dmaengine_terminate_async` returns, with protection from the UART port lock. Multiple stable kernel patches are available across affected branches.

Official resources

2026-05-05