CVE-2026-23472

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

In the Linux kernel, the following vulnerability has been resolved:

serial: core: fix infinite loop in handle tx() for PORT UNKNOWN

uart write room() and uart write() behave inconsistently when xmit buf is NULL (which happens for PORT UNKNOWN ports that were never properly initialized):

uart write room() returns kfifo avail() which can be > 0
uart write() checks xmit buf and returns 0 if NULL

This inconsistency causes an infinite loop in drivers that rely on tty write room() to determine if they can write:

while (tty write room(tty) > 0) { written = tty->ops->write(...); // written is always 0, loop never exits }

For example, caif serial's handle tx() enters an infinite loop when used with PORT UNKNOWN serial ports, causing system hangs.

Fix by making uart write room() also check xmit buf and return 0 if it's NULL, consistent with uart write().

Reproducer: https://gist.github.com/mrpre/d9a694cc0e19828ee3bc3b37983fde13

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2026-23472

Affected Products

Linux

CVE-2026-23472

Related Identifiers

Affected Products

References · 4