usb: cdns3: fix role switching during resume

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-45911
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-27 14:17:05 UTC
Updated2026-05-27 14:48:31 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix role switching during resume If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference. The host role's start() operation registers a xhci-hcd device, but its probe is deferred while we are in the resume path. The host role's resume() operation assumes the xhci-hcd device is already probed, which is not the case, leading to the dereference. Since the start() operation of the new role is already called, the resume operation can be skipped. So skip the resume operation for the new role if a role switch occurs during resume. Once the resume sequence is complete, the xhci-hcd device can be probed in case of host mode. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000208 Mem abort info: ... Data abort info: ... [0000000000000208] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP Modules linked in: CPU: 0 UID: 0 PID: 146 Comm: sh Not tainted 6.19.0-rc7-00013-g6e64f4aabfae-dirty #135 PREEMPT Hardware name: Texas Instruments J7200 EVM (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb_hcd_is_primary_hcd+0x0/0x1c lr : cdns_host_resume+0x24/0x5c ... Call trace: usb_hcd_is_primary_hcd+0x0/0x1c (P) cdns_resume+0x6c/0xbc cdns3_controller_resume.isra.0+0xe8/0x17c cdns3_plat_resume+0x18/0x24 platform_pm_resume+0x2c/0x68 dpm_run_callback+0x90/0x248 device_resume+0x100/0x24c dpm_resume+0x190/0x2ec dpm_resume_end+0x18/0x34 suspend_devices_and_enter+0x2b0/0xa44 pm_suspend+0x16c/0x5fc state_store+0x80/0xec kobj_attr_store+0x18/0x2c sysfs_kf_write+0x7c/0x94 kernfs_fop_write_iter+0x130/0x1dc vfs_write+0x240/0x370 ksys_write+0x70/0x108 __arm64_sys_write+0x1c/0x28 invoke_syscall+0x48/0x10c el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0x108 el0t_64_sync_handler+0xa0/0xe4 el0t_64_sync+0x198/0x19c Code: 52800003 f9407ca5 d63f00a0 17ffffe4 (f9410401) ---[ end trace 0000000000000000 ]---

Risk And Classification

EPSS: 0.000240000 probability, percentile 0.073320000 (date 2026-06-01)

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb ff02bd303d2d78051771db51119d66c0cf442f47 git Not specified
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb 94c742614899ff18a6b3e6f3cfbe7b9f36c865f3 git Not specified
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb d637f6ec149ffd2f8257bcc261561dc2e44dbb8c git Not specified
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb 56289298431ed76700b9aac27a3b1d929fe61b8d git Not specified
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb fc086c0ce3db0eefbbeb66a5b1e626296336e33a git Not specified
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb 49c99dc247ebf7361db9dbdade3dcebfffaf2c22 git Not specified
CNA Linux Linux affected 2cf2581cd2290ccef674f1be5f7977d66702eedb 87e4b043b98a1d269be0b812f383881abee0ca45 git Not specified
CNA Linux Linux affected 5.13 Not specified
CNA Linux Linux unaffected 5.13 semver Not specified
CNA Linux Linux unaffected 5.15.203 5.15.* semver Not specified
CNA Linux Linux unaffected 6.1.167 6.1.* semver Not specified
CNA Linux Linux unaffected 6.6.130 6.6.* semver Not specified
CNA Linux Linux unaffected 6.12.77 6.12.* semver Not specified
CNA Linux Linux unaffected 6.18.14 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.4 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/94c742614899ff18a6b3e6f3cfbe7b9f36c865f3 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/49c99dc247ebf7361db9dbdade3dcebfffaf2c22 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/87e4b043b98a1d269be0b812f383881abee0ca45 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/56289298431ed76700b9aac27a3b1d929fe61b8d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/fc086c0ce3db0eefbbeb66a5b1e626296336e33a 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/ff02bd303d2d78051771db51119d66c0cf442f47 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/d637f6ec149ffd2f8257bcc261561dc2e44dbb8c 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report