CVE-2026-53051

ANALYSIS PENDING

PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.

Scores

EPSS 0.0018
EPSS Percentile 7.2%

Details

Status published
Products (15)
linux/Kernel < 6.12.91linux
linux/Kernel 6.13.0 - 7.0.10linux
Linux/Linux < 6.13
Linux/Linux 40e2125381dc11379112485e3eefdd25c6df5375 - 34b3eef48d980cd37b876e128bbf314f69fb5d70
Linux/Linux 40e2125381dc11379112485e3eefdd25c6df5375 - b059a41bdd5b202b2b9d7708403fb43c69689e53
Linux/Linux 40e2125381dc11379112485e3eefdd25c6df5375 - ce899f9c019591b73ef84b9afa332ed53beece25
Linux/Linux 6.11.11 - 6.12
Linux/Linux 6.12.2 - 6.12.91
Linux/Linux 6.12.91 - 6.12.*
Linux/Linux 6.13
... and 5 more
Published Jun 24, 2026
Tracked Since Jun 24, 2026