VYPR
Medium severity 5.5 · NVD Advisory · Published May 6, 2026 · Updated May 11, 2026

CVE-2026-43204

Description

In the Linux kernel, the following vulnerability has been resolved:

ASoC: qcom: q6asm: drop DSP responses for closed data streams

Commit a354f030dbce ("ASoC: qcom: q6asm: handle the responses after closing") attempted to ignore DSP responses arriving after a stream had been closed.

However, those responses were still handled, causing lockups.

Fix this by unconditionally dropping all DSP responses associated with closed data streams.
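
The drop-on-closed pattern the description names, modelled in user-space C as an added example; it is not the q6asm driver's code and not taken from the kernel patch. The stream table, opcodes and function names are hypothetical, and the model is single-threaded, whereas a driver would make the same check under its stream lock.

```c
/* User-space model with hypothetical names; not the q6asm driver source. */
#include <stdbool.h>

#define MAX_STREAMS 4
enum resp_op { RESP_WRITE_DONE, RESP_READ_DONE, RESP_EOS }; /* constructed opcodes */
enum verdict { HANDLED, DROPPED_CLOSED, DROPPED_INVALID };
struct stream { bool open; int pending; bool eos_seen; };
struct resp { unsigned stream_id; enum resp_op op; };

static struct stream streams[MAX_STREAMS];
static unsigned dropped_after_close; /* late responses seen, useful as a health counter */

static void stream_open(unsigned id, int pending)
{
    streams[id] = (struct stream){ .open = true, .pending = pending };
}
static void stream_close(unsigned id) { streams[id].open = false; }

/* Liveness is checked once, before any per-opcode handling, so no
 * response type can reach the state of a closed stream. */
static enum verdict dispatch(const struct resp *r)
{
    if (r->stream_id >= MAX_STREAMS)
        return DROPPED_INVALID;
    struct stream *s = &streams[r->stream_id];
    if (!s->open) {
        dropped_after_close++;
        return DROPPED_CLOSED;
    }
    switch (r->op) {
    case RESP_WRITE_DONE:
    case RESP_READ_DONE:
        if (s->pending > 0)
            s->pending--;
        break;
    case RESP_EOS:
        s->eos_seen = true;
        break;
    }
    return HANDLED;
}

int main(void)
{
    struct resp late = { 1, RESP_WRITE_DONE }; /* constructed late response */
    stream_open(1, 2);
    stream_close(1);
    return dispatch(&late) == DROPPED_CLOSED ? 0 : 1;
}
```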

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Linux kernel's ASoC q6asm driver mishandles DSP responses for closed streams, causing lockups; fix drops such responses unconditionally.

The vulnerability in the Linux kernel's ASoC q6asm driver occurs because DSP responses are still processed after a data stream has been closed. A previous commit attempted to ignore these responses but the handling was incomplete, leading to kernel lockups [1][2]. The root cause is that the driver did not properly discard responses for closed streams, allowing them to interfere with driver state.

Exploitation requires triggering DSP responses after stream closure, which can be achieved by a malicious audio application or compromised firmware. An unprivileged local user may be able to cause a race condition by closing a stream while DSP responses are still in flight; no authentication is needed to trigger the bug. The driver operates in kernel space, so a successful trigger results in a lockup.

The impact is a denial of service (DoS) where the audio subsystem becomes unresponsive, potentially affecting system stability. The vulnerability has a CVSS v3 base score of 5.5 (Medium), reflecting the need for local access and the resulting availability impact.

Mitigation is available through Linux kernel stable updates. The fix unconditionally drops all DSP responses associated with closed data streams, preventing the lockup. Administrators should apply the latest kernel patches to protect against this issue. The relevant commits are referenced in [1] and [2].

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
