CVE-2026-46041

Source
https://cve.org/CVERecord?id=CVE-2026-46041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-46041
Downstream
Related
Published
2026-05-27T12:56:54.418Z
Modified
2026-06-18T03:57:29.705971268Z
Summary
greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames()
Details

In the Linux kernel, the following vulnerability has been resolved:

greybus: gb-beagleplay: fix sleep in atomic context in hdlctxframes()

hdlcappend() calls usleeprange() to wait for circular buffer space, but it is called with txproducerlock (a spinlock) held via hdlctxframes() -> hdlcappendtxframe()/hdlcappendtxu8()/etc. Sleeping while holding a spinlock is illegal and can trigger "BUG: scheduling while atomic".

Fix this by moving the buffer-space wait out of hdlcappend() and into hdlctx_frames(), before the spinlock is acquired. The new flow:

  1. Pre-calculate the worst-case encoded frame length.
  2. Wait (with sleep) outside the lock until enough space is available, kicking the TX consumer work to drain the buffer.
  3. Acquire the spinlock, re-verify space, and write the entire frame atomically.

This ensures that sleeping only happens without any lock held, and that frames are either fully enqueued or not written at all.

This bug is found by CodeQL static analysis tool (interprocedural sleep-in-atomic query) and my code review.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46041.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ec558bbfea671ac020a6dc6be8bf8f0ee556cce0
Fixed
9f2b87bcdfed55145acbf932dc12f2c057145cad
Fixed
b2801647c203a38e013802e9e9616b5bfac64968
Fixed
51667fe2d9294d66e0228b9f51d1f01b6680a641
Fixed
6b526dca0966f2370835765019a54319b78fca8d

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46041.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.86
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.27
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-46041.json"