CVE-2026-46262
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to improper lock management in the fsl_xcvr_mode_put() function. This can lead to a deadlock when attempting to acquire a read lock while holding a write lock in the same thread.
Risk Assessment
Organizations may experience performance issues, including hung tasks, which can lead to service interruptions.
Recommendation
It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and avoid potential performance issues.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()"). The original patch attempted to acquire the card->controls_rwsem lock in fsl_xcvr_mode_put(). However, this function is called from the upper ALSA core function snd_ctl_elem_write(), which already holds the write lock on controls_rwsem for the whole put operation. So there is no need to simply hold the lock for fsl_xcvr_activate_ctl() again. Acquiring the read lock while holding the write lock in the same thread results in a deadlock and a hung task, as reported by Alexander Stein.

