CVE-2026-53051
UnknownSummary
A vulnerability has been identified in the Linux kernel related to CBB timeout caused by accessing the DBI register before powering on the controller core. The issue occurs when the PERST# signal is deasserted twice, leading to errors in accessing DBI registers.
Risk Assessment
Organizations may experience performance and stability issues, potentially leading to hardware failures or data loss. Improper power management of the controller may also impact the security of PCIe operations.
Recommendation
It is recommended to update the Linux kernel to move the calls to pci_epc_deinit_notify() and dw_pcie_ep_cleanup() after powering on the controller core, ensuring proper access to DBI registers.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.

