PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on
Summary
| CVE | CVE-2026-53051 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-24 17:17:17 UTC |
| Updated | 2026-06-24 17:17:17 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur. |
Risk And Classification
EPSS: 0.001750000 probability, percentile 0.072060000 (date 2026-06-25)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 72034050ccf4202cd6558b0afd2474f756ea3b9b 010983063a806720b45778d191335f8ea864fea3 git | Not specified |
| CNA | Linux | Linux | affected 40e2125381dc11379112485e3eefdd25c6df5375 b059a41bdd5b202b2b9d7708403fb43c69689e53 git | Not specified |
| CNA | Linux | Linux | affected 40e2125381dc11379112485e3eefdd25c6df5375 ce899f9c019591b73ef84b9afa332ed53beece25 git | Not specified |
| CNA | Linux | Linux | affected 40e2125381dc11379112485e3eefdd25c6df5375 34b3eef48d980cd37b876e128bbf314f69fb5d70 git | Not specified |
| CNA | Linux | Linux | affected 70212c2300971506e986d95000d2745529cac9d7 git | Not specified |
| CNA | Linux | Linux | affected 6.12.2 6.12.91 semver | Not specified |
| CNA | Linux | Linux | affected 6.11.11 6.12 semver | Not specified |
| CNA | Linux | Linux | affected 6.13 | Not specified |
| CNA | Linux | Linux | unaffected 6.13 semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.91 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.33 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.0.10 7.0.* semver | Not specified |
| CNA | Linux | Linux | unaffected 7.1 * original_commit_for_fix | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/34b3eef48d980cd37b876e128bbf314f69fb5d70 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/b059a41bdd5b202b2b9d7708403fb43c69689e53 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/ce899f9c019591b73ef84b9afa332ed53beece25 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/010983063a806720b45778d191335f8ea864fea3 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.