Main Vulnerability Database SB2026040656

SB2026040656 - Improper Initialization in Linux kernel tty serial driver

Published: April 6, 2026

Security Bulletin ID SB2026040656

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Initialization (CVE-ID: CVE-2026-23472)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper initialization handling in handle_tx() when processing PORT_UNKNOWN serial ports. A local user can use a PORT_UNKNOWN serial port to trigger an infinite loop and cause a denial of service.

This issue occurs because write-room reporting can indicate available space while write operations return zero when the transmit buffer is NULL, which can lead to a system hang.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/455ce986fa356ff43a43c0d363ba95fa152f21d5
https://git.kernel.org/stable/c/bc70f2b36cf474d5cc8ecbcaf57f3e326fdec67c
https://git.kernel.org/stable/c/efe85a557186b7fe915572ae93a8f3f78bfd9a22