CVE-2026-53331
In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock During the SSR/PDR down notification the tx_lock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcom_slim_ngd_down() is invoked, which ends up in slim_report_absent(), which takes the slim_controller lock. In multiple other codepaths these two locks are taken in the opposite order (i.e. slim_controller then tx_lock). The result is a lockdep splat, and a possible deadlock: rprocctl/449 is trying to acquire lock: ffff00009793e620 (&ctrl->lock){+.+.}-{4:4}, at: slim_report_absent (drivers/slimbus/core.c:322) slimbus but task is already holding lock: ffff00009793fb50 (&ctrl->tx_lock){+.+.}-{4:4}, at: qcom_slim_ngd_ssr_pdr_notify (drivers/slimbus/qcom-ngd-ctrl.c:1475) slim_qcom_ngd_ctrl which lock already depends on the new lock. Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&ctrl->tx_lock); lock(&ctrl->lock); lock(&ctrl->tx_lock); lock(&ctrl->lock); The assumption is that the comment refers to the desire to not call qcom_slim_ngd_exit_dma() while we have an ongoing DMA TX transaction. But any such transaction is initiated and completed within a single qcom_slim_ngd_xfer_msg(). Prior to calling qcom_slim_ngd_exit_dma() the slim_controller is torn down, all child devices are notified that the slimbus is gone and the child devices are removed. Stop taking the tx_lock in qcom_slim_ngd_ssr_pdr_notify() to avoid the deadlock.
Affected versions
Linux kernel versions
5.11
and later are affected. Fixed in
5.15.210,
6.1.176,
6.6.143,
6.12.94,
6.18.36,
7.0.13,
7.1
and their respective stable series.
References
7 totalFrequently asked questions
-
What is CVE-2026-53331?
CVE-2026-53331 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 5.11 onward and has been patched in 5.15.210, 6.1.176, 6.6.143 and others. CVE-2026-53331 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2026-53331?
Yes — CVE-2026-53331 has been patched. Fixed versions include 5.15.210, 6.1.176, 6.6.143 and others. If you are running Linux kernel 5.11 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2026-53331 actively exploited?
No — CVE-2026-53331 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.