CVE Catalog

CVE-2026-23446

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile - higher than 2% of all known CVEs

Summary

A vulnerability in the Linux kernel's aqc111 USB network driver causes a deadlock during suspend due to improper Power Management (PM) calls. This blocks the entire networking stack, leading to a denial of service.

Risk Assessment

An attacker can trigger a denial of service (DoS) by suspending a USB network device, causing the system's networking stack to hang indefinitely.

Recommendation

Immediately update the Linux kernel to a version containing the fix that replaces write_cmd calls with their _nopm variants to avoid PM operations in the suspend callback.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtime_resume_and_get() rpm_resume() - here we call rpm_resume() on our parent rpm_resume() - Here we wait for a status change that will never happen. At this point we block another task which holds rtnl_lock and locks up the whole networking stack. Fix this by replacing the write_cmd calls with their _nopm variants

Vulnerability data from NVD (NIST) · CISA KEV · EPSS