CVE-2026-23446
ADVISORY - nistSummary
In the Linux kernel, the following vulnerability has been resolved:
net: usb: aqc111: Do not perform PM inside suspend callback
syzbot reports "task hung in rpm_resume"
This is caused by aqc111_suspend calling the PM variant of its write_cmd routine.
The simplified call trace looks like this:
rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtime_resume_and_get() rpm_resume() - here we call rpm_resume() on our parent rpm_resume() - Here we wait for a status change that will never happen.
At this point we block another task which holds rtnl_lock and locks up the whole networking stack.
Fix this by replacing the write_cmd calls with their _nopm variants
Common Weakness Enumeration (CWE)
Deadlock
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in