CVE-2026-23446
Published: Apr 3, 2026
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtime_resume_and_get() rpm_resume() - here we call rpm_resume() on our parent rpm_resume() - Here we wait for a status change that will never happen. At this point we block another task which holds rtnl_lock and locks up the whole networking stack. Fix this by replacing the write_cmd calls with their _nopm variants
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc - < cc06ac99fd78839b2d38850785731ef131d9ae26affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc - < b87f361d41f9a7f1f6c426947ca815651c481376affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc - < 621f2f43741b51f62d767eb4752fbcefe2526926affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc - < 4de6a43e8ecf961feabddf0e9d6911081d2ed218affected e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc - < 3267bcb744ee8a2feabaa7ab69473f086f67fd71+3 more versions |
Linux | Linux | affected 5.0unaffected 0 - < 5.0unaffected 5.10.253 - <= 5.10.*unaffected 5.15.203 - <= 5.15.*unaffected 6.1.167 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now