CVE-2026-23472

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN<br /> <br /> uart_write_room() and uart_write() behave inconsistently when<br /> xmit_buf is NULL (which happens for PORT_UNKNOWN ports that were<br /> never properly initialized):<br /> <br /> - uart_write_room() returns kfifo_avail() which can be &gt; 0<br /> - uart_write() checks xmit_buf and returns 0 if NULL<br /> <br /> This inconsistency causes an infinite loop in drivers that rely on<br /> tty_write_room() to determine if they can write:<br /> <br /> while (tty_write_room(tty) &gt; 0) {<br /> written = tty-&gt;ops-&gt;write(...);<br /> // written is always 0, loop never exits<br /> }<br /> <br /> For example, caif_serial&amp;#39;s handle_tx() enters an infinite loop when<br /> used with PORT_UNKNOWN serial ports, causing system hangs.<br /> <br /> Fix by making uart_write_room() also check xmit_buf and return 0 if<br /> it&amp;#39;s NULL, consistent with uart_write().<br /> <br /> Reproducer: https://gist.github.com/mrpre/d9a694cc0e19828ee3bc3b37983fde13