CVE-2026-43204 Overview
CVE-2026-43204 is a Linux kernel vulnerability in the Qualcomm ASoC (ALSA System on Chip) q6asm audio driver. The flaw stems from improper handling of Digital Signal Processor (DSP) responses arriving after a data stream has been closed. A prior fix in commit a354f030dbce attempted to ignore these late responses, but the responses were still processed, leading to system lockups. The resolution unconditionally drops all DSP responses associated with closed data streams.
Critical Impact
Improper handling of late DSP responses in the Qualcomm q6asm audio driver causes kernel lockups on affected Linux systems using Qualcomm audio hardware.
Affected Products
- Linux kernel (mainline) with Qualcomm ASoC q6asm driver enabled
- Qualcomm-based platforms relying on the Q6 Audio Stream Manager subsystem
- Distributions shipping kernels containing commit a354f030dbce without the subsequent fix
Discovery Timeline
- 2026-05-06 - CVE-2026-43204 published to NVD
- 2026-05-06 - Last updated in NVD database
Technical Details for CVE-2026-43204
Vulnerability Analysis
The vulnerability resides in the Qualcomm q6asm (Q6 Audio Stream Manager) component of the Linux kernel ASoC subsystem. The q6asm driver communicates with the Qualcomm DSP using asynchronous command and response messaging. When a userspace audio stream is closed, the kernel must reconcile any in-flight DSP responses that arrive after teardown begins.
A previous patch, commit a354f030dbce ("ASoC: qcom: q6asm: handle the responses after closing"), introduced logic intended to ignore responses received after stream closure. However, the responses continued to be processed by the response handler. This caused the driver to operate on stale or invalid stream state, resulting in kernel lockups that block further audio operations and degrade overall system stability.
The fix unconditionally drops all DSP responses tied to closed data streams, ensuring the response handler exits early before touching freed or transitioning state.
Root Cause
The root cause is incomplete response filtering after stream closure. The original mitigation checked stream state but failed to short-circuit the response handler, allowing post-close callbacks to access state that was no longer valid. This is a logic flaw in resource lifecycle management within an asynchronous DSP messaging path.
Attack Vector
This is a denial-of-service condition reachable through normal audio stream open/close sequences on Qualcomm hardware. Triggering the lockup requires interaction with the audio subsystem on affected platforms. No remote attack vector or code execution path is described in the kernel commit message. Refer to the upstream kernel commits for technical details: Kernel Git Commit 3249251e and Kernel Git Commit 8a066a81.
Detection Methods for CVE-2026-43204
Indicators of Compromise
- Kernel soft lockup or hung task warnings referencing q6asm or ASoC code paths in dmesg output
- Audio subsystem becoming unresponsive on Qualcomm-based Linux devices after repeated stream open/close cycles
- Stalled processes blocked on audio device file descriptors with no progress
Detection Strategies
- Audit running kernel versions across Qualcomm-based Linux fleets and compare against the fixed commits referenced above
- Monitor kernel logs for BUG: soft lockup or INFO: task hung events involving the ASoC q6asm callstack
- Track package inventory of Linux distributions to identify systems shipping the unpatched q6asm driver
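Added example (not part of the original advisory or of the kernel project): a Python filter for the log-monitoring strategy above that reports soft-lockup and hung-task events only when a stack frame in the trace that follows mentions q6asm. The sample log is constructed, its symbol names and module tag are placeholders, and matching on the substring "q6asm" is an assumption about how the driver's frames appear.

```python
import re

# Event headers named in the detection strategies above.
EVENT_RE = re.compile(r"BUG: soft lockup|INFO: task .+ blocked for more than")
# "[  123.456789] " prefix written by the kernel ring buffer.
TS_RE = re.compile(r"^\[\s*(\d+\.\d+)\]\s*")
# A stack frame looks like "symbol+0x1c/0x80", optionally followed by "[module]".
FRAME_RE = re.compile(r"\S+\+0x[0-9a-f]+/0x[0-9a-f]+")
MAX_TRACE_LINES = 40  # lines after a header still attributed to that event

# Constructed sample: symbols, offsets and the module tag are placeholders.
SAMPLE_LOG = """\
[  412.101010] watchdog: BUG: soft lockup - CPU#2 stuck for 26s! [audio-daemon:911]
[  412.101020] Call trace:
[  412.101030]  q6asm_placeholder_handler+0x1c/0x80
[  655.500000] INFO: task backup-job:1200 blocked for more than 120 seconds.
[  655.500010] Call trace:
[  655.500020]  placeholder_fs_wait+0x30/0x90
[  901.250000] INFO: task audio-daemon:911 blocked for more than 120 seconds.
[  901.250010] Call trace:
[  901.250020]  placeholder_wait+0x18/0x60
[  901.250030]  placeholder_close+0x24/0x70 [q6asm]
"""

def find_q6asm_lockups(log_text, needle="q6asm"):
    """Return lockup / hung-task events whose stack frames mention `needle`."""
    events, current, seen = [], None, 0
    for raw in log_text.splitlines():
        m = TS_RE.match(raw)
        line = raw[m.end():] if m else raw
        if EVENT_RE.search(line):
            current = {"ts": float(m.group(1)) if m else None,
                       "header": line.strip(), "frames": []}
            events.append(current)
            seen = 0
            continue
        if current is None:
            continue
        seen += 1
        if seen > MAX_TRACE_LINES:
            current = None  # too far from the header to be the same trace
        elif FRAME_RE.search(line) and needle in line:
            current["frames"].append(line.strip())
    return [e for e in events if e["frames"]]

if __name__ == "__main__":
    for ev in find_q6asm_lockups(SAMPLE_LOG):
        print(ev["ts"], ev["header"], ev["frames"])
```

Requiring a stack-frame match keeps ordinary q6asm log messages that happen to follow an unrelated lockup from being counted as hits.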
Monitoring Recommendations
- Forward kernel ring buffer messages to a centralized log platform for correlation of lockup events
- Establish alerts on repeated audio service crashes or restarts on Qualcomm hardware
- Include kernel version metadata in endpoint inventory to streamline patch verification
How to Mitigate CVE-2026-43204
Immediate Actions Required
- Identify Linux systems running Qualcomm ASoC audio with vulnerable kernel versions
- Apply the upstream stable kernel update containing the fix to drop DSP responses for closed streams
- Reboot systems after kernel update to ensure the patched q6asm module is loaded
Patch Information
The vulnerability is resolved by the upstream Linux kernel commits referenced in the NVD entry: Kernel Git Commit 3249251e and Kernel Git Commit 8a066a81. Apply the corresponding stable kernel release from your Linux distribution.
Workarounds
- Where patching is delayed, avoid workloads that rapidly open and close audio streams on affected Qualcomm platforms
- Disable or unload the q6asm module on systems where audio functionality is not required
- Restrict access to audio device nodes to trusted local users to limit DoS exposure
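# Show the running kernel release; uname does not report commits, so compare
# the release against your distribution's advisory for the fixed commits
uname -r
# On systems using package managers, update the kernel
# Debian/Ubuntu (this upgrades only the package for the running kernel release;
# a fix shipped under a new kernel package name arrives through a full upgrade)
sudo apt update && sudo apt install --only-upgrade "linux-image-$(uname -r)"
# Fedora/RHEL
sudo dnf update kernel
# Reboot to load the patched kernel
sudo reboot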