PatchSiren

CVE-2026-46049 Linux CVE debrief

A logic error in the Linux kernel's ALSA ctxfi (Creative Sound Blaster X-Fi) driver can cause an infinite loop during S/PDIF passthrough playback setup. The vulnerability exists because `spdif_passthru_playback_get_resources()` uses `atc->pll_rate` for MSR calculation, but this field remains zero after card initialization when `hw_pll_init()` is used instead of `atc_pll_init()`. When 32000 Hz playback triggers a code path that skips `atc_pll_init()`, the calculation `(rsr * desc.msr)` evaluates to zero, causing the loop to spin indefinitely. The fix adds a fallback to `atc->rsr` when `atc->pll_rate` is zero, reflecting the hardware's actual PLL configuration. This is a local denial-of-service condition triggered by audio playback operations.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Linux system administrators, kernel maintainers, and users of systems with Creative Sound Blaster X-Fi audio hardware

Technical summary

The ALSA ctxfi driver for Creative Sound Blaster X-Fi hardware contains a logic flaw in S/PDIF passthrough playback resource calculation. The function `spdif_passthru_playback_get_resources()` relies on `atc->pll_rate` for MSR (Master Sample Rate) calculations, but this field is only populated by `atc_pll_init()` and not by `hw_pll_init()`. After card initialization via `hw_card_init()`, `pll_rate` remains zero. When `spdif_passthru_playback_setup()` skips `atc_pll_init()` for 32000 Hz sample rate, the subsequent calculation `(rsr * desc.msr)` produces zero, causing an unbounded loop. The resolution implements a fallback to `atc->rsr` (the default reference sample rate) when `pll_rate` is uninitialized, aligning software state with hardware configuration.
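
The loop condition described above can be reproduced in a small user-space model. This is an added example, not the kernel's code or the upstream patch: `struct atc_model`, `pick_msr()`, `msr_before_fix()`, `msr_after_fix()` and the `MAX_SPINS` guard are hypothetical names, and 48000 is an assumed value for `rsr`.

```c
/* Added illustration: simplified user-space model, not the kernel driver. */
#include <stdio.h>

#define MAX_SPINS 64   /* model-only guard so the demo terminates */

struct atc_model {
    unsigned int rsr;       /* reference sample rate (48000 assumed here) */
    unsigned int pll_rate;  /* stays 0 until atc_pll_init() has run */
};

/* Doubles msr until rsr * msr covers the stream rate.
 * Returns the number of doublings, or -1 if the guard trips. */
static int pick_msr(unsigned int rate, unsigned int rsr, unsigned int *msr)
{
    unsigned int m = 1;
    int spins = 0;

    while (rate > rsr * m) {        /* rsr == 0: product is always 0 */
        if (++spins > MAX_SPINS)
            return -1;              /* the driver loop described above never exits */
        m <<= 1;
    }
    *msr = m;
    return spins;
}

/* Before the fix: pll_rate is used unconditionally. */
int msr_before_fix(const struct atc_model *atc, unsigned int rate, unsigned int *msr)
{
    return pick_msr(rate, atc->pll_rate, msr);
}

/* After the fix: fall back to rsr when pll_rate is still zero. */
int msr_after_fix(const struct atc_model *atc, unsigned int rate, unsigned int *msr)
{
    unsigned int rsr = atc->pll_rate ? atc->pll_rate : atc->rsr;
    return pick_msr(rate, rsr, msr);
}

int main(void)
{
    struct atc_model fresh = { .rsr = 48000, .pll_rate = 0 }; /* constructed state */
    unsigned int msr = 0;

    printf("before fix: %d\n", msr_before_fix(&fresh, 32000, &msr));
    if (msr_after_fix(&fresh, 32000, &msr) >= 0)
        printf("after fix: msr=%u\n", msr);
    return 0;
}
```

With `pll_rate` at zero the pre-fix path only stops because of the model's guard; once `pll_rate` is nonzero, both paths return the same result.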

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches when available for your distribution
  • Monitor distribution security advisories for ALSA/sound driver updates
  • Restrict local access to audio devices where untrusted users may trigger S/PDIF passthrough at 32000 Hz
  • Review system logs for hung tasks or soft lockups in audio playback contexts as potential indicators

Evidence notes

Vulnerability description confirms infinite loop in kernel driver. Patch adds fallback to prevent zero-value MSR calculation. No CVSS score assigned by NVD at time of disclosure.

Official resources

2026-05-27