{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-07T05:56:47.413","vulnerabilities":[{"cve":{"id":"CVE-2026-23115","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-02-14T15:16:06.607","lastModified":"2026-03-18T13:41:27.780","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nserial: Fix not set tty->port race condition\n\nRevert commit bfc467db60b7 (\"serial: remove redundant\ntty_port_link_device()\") because the tty_port_link_device() is not\nredundant: the tty->port has to be confured before we call\nuart_configure_port(), otherwise user-space can open console without TTY\nlinked to the driver.\n\nThis tty_port_link_device() was added explicitly to avoid this exact\nissue in commit fb2b90014d78 (\"tty: link tty and port before configuring\nit as console\"), so offending commit basically reverted the fix saying\nit is redundant without addressing the actual race condition presented\nthere.\n\nReproducible always as tty->port warning on Qualcomm SoC with most of\ndevices disabled, so with very fast boot, and one serial device being\nthe console:\n\n printk: legacy console [ttyMSM0] enabled\n printk: legacy console [ttyMSM0] enabled\n printk: legacy bootconsole [qcom_geni0] disabled\n printk: legacy bootconsole [qcom_geni0] disabled\n ------------[ cut here ]------------\n tty_init_dev: ttyMSM driver does not set tty->port. This would crash the kernel. Fix the driver!\n WARNING: drivers/tty/tty_io.c:1414 at tty_init_dev.part.0+0x228/0x25c, CPU#2: systemd/1\n Modules linked in: socinfo tcsrcc_eliza gcc_eliza sm3_ce fuse ipv6\n CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.19.0-rc4-next-20260108-00024-g2202f4d30aa8 #73 PREEMPT\n Tainted: [S]=CPU_OUT_OF_SPEC\n Hardware name: Qualcomm Technologies, Inc. Eliza (DT)\n ...\n tty_init_dev.part.0 (drivers/tty/tty_io.c:1414 (discriminator 11)) (P)\n tty_open (arch/arm64/include/asm/atomic_ll_sc.h:95 (discriminator 3) drivers/tty/tty_io.c:2073 (discriminator 3) drivers/tty/tty_io.c:2120 (discriminator 3))\n chrdev_open (fs/char_dev.c:411)\n do_dentry_open (fs/open.c:962)\n vfs_open (fs/open.c:1094)\n do_open (fs/namei.c:4634)\n path_openat (fs/namei.c:4793)\n do_filp_open (fs/namei.c:4820)\n do_sys_openat2 (fs/open.c:1391 (discriminator 3))\n ...\n Starting Network Name Resolution...\n\nApparently the flow with this small Yocto-based ramdisk user-space is:\n\ndriver (qcom_geni_serial.c): user-space:\n============================ ===========\nqcom_geni_serial_probe()\n uart_add_one_port()\n serial_core_register_port()\n serial_core_add_one_port()\n uart_configure_port()\n register_console()\n |\n | open console\n | ...\n | tty_init_dev()\n | driver->ports[idx] is NULL\n |\n tty_port_register_device_attr_serdev()\n tty_port_link_device() <- set driver->ports[idx]"},{"lang":"es","value":"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nserial: Corrige la condición de carrera de tty->port no establecido\n\nRevertir el commit bfc467db60b7 ('serial: eliminar tty_port_link_device() redundante') porque tty_port_link_device() no es redundante: el tty->port tiene que ser configurado antes de que llamemos a uart_configure_port(), de lo contrario, el espacio de usuario puede abrir la consola sin un TTY vinculado al controlador.\n\nEste tty_port_link_device() fue añadido explícitamente para evitar este problema exacto en el commit fb2b90014d78 ('tty: vincular tty y puerto antes de configurarlo como consola'), por lo que el commit ofensivo básicamente revirtió la corrección diciendo que es redundante sin abordar la condición de carrera real presentada allí.\n\nReproducible siempre como advertencia de tty->port en SoC de Qualcomm con la mayoría de los dispositivos deshabilitados, por lo que con un arranque muy rápido, y un dispositivo serie siendo la consola:\n\n printk: consola heredada [ttyMSM0] habilitada\n printk: consola heredada [ttyMSM0] habilitada\n printk: consola de arranque heredada [qcom_geni0] deshabilitada\n printk: consola de arranque heredada [qcom_geni0] deshabilitada\n ------------[ cortar aquí ]------------\n tty_init_dev: el controlador ttyMSM no establece tty->port. Esto haría que el kernel se bloquee. ¡Arregle el controlador!\n ADVERTENCIA: drivers/tty/tty_io.c:1414 en tty_init_dev.part.0+0x228/0x25c, CPU#2: systemd/1\n Módulos vinculados: socinfo tcsrcc_eliza gcc_eliza sm3_ce fuse ipv6\n CPU: 2 UID: 0 PID: 1 Comm: systemd Tainted: G S 6.19.0-rc4-next-20260108-00024-g2202f4d30aa8 #73 PREEMPT\n Tainted: [S]=CPU_OUT_OF_SPEC\n Nombre del hardware: Qualcomm Technologies, Inc. Eliza (DT)\n ...\n tty_init_dev.part.0 (drivers/tty/tty_io.c:1414 (discriminador 11)) (P)\n tty_open (arch/arm64/include/asm/atomic_ll_sc.h:95 (discriminador 3) drivers/tty/tty_io.c:2073 (discriminador 3) drivers/tty/tty_io.c:2120 (discriminador 3))\n chrdev_open (fs/char_dev.c:411)\n do_dentry_open (fs/open.c:962)\n vfs_open (fs/open.c:1094)\n do_open (fs/namei.c:4634)\n path_openat (fs/namei.c:4793)\n do_filp_open (fs/namei.c:4820)\n do_sys_openat2 (fs/open.c:1391 (discriminador 3))\n ...\n Iniciando la resolución de nombres de red...\n\nAparentemente, el flujo con este pequeño espacio de usuario de ramdisk basado en Yocto es:\n\ncontrolador (qcom_geni_serial.c): espacio de usuario:\n============================ ===========\nqcom_geni_serial_probe()\n uart_add_one_port()\n serial_core_register_port()\n serial_core_add_one_port()\n uart_configure_port()\n register_console()\n |\n | abrir consola\n | ...\n | tty_init_dev()\n | driver->ports[idx] es NULL\n |\n tty_port_register_device_attr_serdev()\n tty_port_link_device() <- establece driver->ports[idx]"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":4.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.15","versionEndExcluding":"6.18.8","matchCriteriaId":"D7B7374A-5B63-4FDE-89D3-C2AF57547341"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*","matchCriteriaId":"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*","matchCriteriaId":"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F71D92C0-C023-48BD-B3B6-70B638EEE298"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*","matchCriteriaId":"13580667-0A98-40CC-B29F-D12790B91BDB"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*","matchCriteriaId":"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*","matchCriteriaId":"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2501c49306238b54a2de0f93de43d50ab6e76c84","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/32f37e57583f869140cff445feedeea8a5fea986","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}