In the Linux kernel, the following vulnerability has been resolved:
spi: spidev: fix lock inversion between spilock and buflock
The spidev driver previously used two mutexes, spilock and buflock, but acquired them in different orders depending on the code path:
write()/read(): buflock -> spilock ioctl(): spilock -> buflock
This AB-BA locking pattern triggers lockdep warnings and can cause real deadlocks:
WARNING: possible circular locking dependency detected spidevioctl() -> mutexlock(&spidev->buflock) spidevsyncwrite() -> mutexlock(&spidev->spi_lock) *** DEADLOCK ***
The issue is reproducible with a simple userspace program that performs write() and SPIIOCWRMAXSPEED_HZ ioctl() calls from separate threads on the same spidev file descriptor.
Fix this by simplifying the locking model and removing the lock inversion entirely. spidevsync() no longer performs any locking, and all callers serialize access using spilock.
buflock is removed since its functionality is fully covered by spilock, eliminating the possibility of lock ordering issues.
This removes the lock inversion and prevents deadlocks without changing userspace ABI or behaviour.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43319.json"
}