CVE-2026-46049
Description
In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdif_passthru_playback_get_resources() uses atc->pll_rate as the RSR for the MSR calculation loop. However, pll_rate is only updated in atc_pll_init() and not in hw_pll_init(), so it remains 0 after the card init. When spdif_passthru_playback_setup() skips atc_pll_init() for 32000 Hz, (rsr * desc.msr) always becomes 0, causing the loop to spin indefinitely. Add fallback to use atc->rsr when atc->pll_rate is 0. This reflects the hardware state, since hw_card_init() already configures the PLL to the default RSR.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | fixed | 7.0.4-1 |
| debian | sid | fixed | 7.0.4-1 |
| debian | trixie | fixed | 6.12.86-1 |
References
- https://git.kernel.org/stable/c/25ded535ee261161bcf19dafd525c542e606559d
- https://git.kernel.org/stable/c/30f9494c6f2b53a78822cfb653ffbb1d092d44c8
- https://git.kernel.org/stable/c/09496158f6ebba8830593f8972035c02f97124c1
- https://git.kernel.org/stable/c/95b1ee8442cabbde83b2848e7c6100df90f3a00d
- https://git.kernel.org/stable/c/7d61662197ecdc458e33e475b6ada7f6da61d364
- https://security-tracker.debian.org/tracker/CVE-2026-46049
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.