CVE-2026-53051
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on
When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core.
The call chain that causes the timeout:
pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE
The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational.
Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 72034050ccf4202cd6558b0afd2474f756ea3b9b < 010983063a806720b45778d191335f8ea864fea3 | affected |
| Linux | Linux | 40e2125381dc11379112485e3eefdd25c6df5375 < b059a41bdd5b202b2b9d7708403fb43c69689e53 | affected |
| Linux | Linux | 40e2125381dc11379112485e3eefdd25c6df5375 < ce899f9c019591b73ef84b9afa332ed53beece25 | affected |
| Linux | Linux | 40e2125381dc11379112485e3eefdd25c6df5375 < 34b3eef48d980cd37b876e128bbf314f69fb5d70 | affected |
| Linux | Linux | 70212c2300971506e986d95000d2745529cac9d7 | affected |
| Linux | Linux | 6.12.2 < 6.12.91 | affected |
| Linux | Linux | 6.11.11 < 6.12 | affected |
| Linux | Linux | 6.13 | affected |
| Linux | Linux | 0 < 6.13 | unaffected |
| Linux | Linux | 6.12.91 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.33 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.10 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/010983063a806720b45778d191335f8ea864fea3
- https://git.kernel.org/stable/c/b059a41bdd5b202b2b9d7708403fb43c69689e53
- https://git.kernel.org/stable/c/ce899f9c019591b73ef84b9afa332ed53beece25
- https://git.kernel.org/stable/c/34b3eef48d980cd37b876e128bbf314f69fb5d70
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.