HOMEVULNERABILITIESCVE-2026-53331
NONE

CVE-2026-53331

Published: July 1, 2026· Updated: Jul 1, 2026

EPSS:0.17%probability of exploitation in 30 daysPercentile:6.9th

Official Description

In the Linux kernel, the following vulnerability has been resolved:

slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock

During the SSR/PDR down notification the tx_lock is taken with the

intent to provide synchronization with active DMA transfers.

But during this period qcom_slim_ngd_down() is invoked, which ends up in

slim_report_absent(), which takes the slim_controller lock. In multiple

other codepaths these two locks are taken in the opposite order (i.e.

slim_controller then tx_lock).

The result is a lockdep splat, and a possible deadlock:

rprocctl/449 is trying to acquire lock:

ffff00009793e620 (&ctrl->lock){+.+.}-{4:4}, at: slim_report_absent (drivers/slimbus/core.c:322) slimbus

but task is already holding lock:

ffff00009793fb50 (&ctrl->tx_lock){+.+.}-{4:4}, at: qcom_slim_ngd_ssr_pdr_notify (drivers/slimbus/qcom-ngd-ctrl.c:1475) slim_qcom_ngd_ctrl

which lock already depends on the new lock.

Possible unsafe locking scenario:

CPU0 CPU1

---- ----

lock(&ctrl->tx_lock);

lock(&ctrl->lock);

lock(&ctrl->tx_lock);

lock(&ctrl->lock);

The assumption is that the comment refers to the desire to not call

qcom_slim_ngd_exit_dma() while we have an ongoing DMA TX transaction.

But any such transaction is initiated and completed within a single

qcom_slim_ngd_xfer_msg().

Prior to calling qcom_slim_ngd_exit_dma() the slim_controller is torn

down, all child devices are notified that the slimbus is gone and the

child devices are removed.

Stop taking the tx_lock in qcom_slim_ngd_ssr_pdr_notify() to avoid the

deadlock.

NVD Source

Technical Analysis

CVE-2026-53331 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (7)

Quick Facts

CVE IDCVE-2026-53331
SeverityNONE
CISA KEVNo
EPSS (30d)0.17%
PublishedJul 1, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-53331 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.