CVE-2026-23446
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability in the Linux kernel's aqc111 USB network driver causes a deadlock during suspend due to improper Power Management (PM) calls. This blocks the entire networking stack, leading to a denial of service.
Risk Assessment
An attacker can trigger a denial of service (DoS) by suspending a USB network device, causing the system's networking stack to hang indefinitely.
Recommendation
Immediately update the Linux kernel to a version containing the fix that replaces write_cmd calls with their _nopm variants to avoid PM operations in the suspend callback.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtime_resume_and_get() rpm_resume() - here we call rpm_resume() on our parent rpm_resume() - Here we wait for a status change that will never happen. At this point we block another task which holds rtnl_lock and locks up the whole networking stack. Fix this by replacing the write_cmd calls with their _nopm variants

