1. Home
  2. Vulnerabilities
  3. CVE-2026-23446
0.0
NA
CVE-2026-23446
net: usb: aqc111: Do not perform PM inside suspend callback
Overview
Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtime_resume_and_get() rpm_resume() - here we call rpm_resume() on our parent rpm_resume() - Here we wait for a status change that will never happen. At this point we block another task which holds rtnl_lock and locks up the whole networking stack. Fix this by replacing the write_cmd calls with their _nopm variants

Details
INFO

Published Date :

April 3, 2026, 4:16 p.m.

Last Modified :

April 3, 2026, 4:16 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Impact
Affected Products

The following products are affected by CVE-2026-23446 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
Solution
Avoid performing PM operations within the suspend callback to prevent deadlocks.
  • Replace write_cmd calls with their _nopm variants.
  • Apply the provided patch to the Linux kernel.
  • Update the kernel to the fixed version.
References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-23446.

URL Resource
https://git.kernel.org/stable/c/069c8f5aebe4d5224cf62acc7d4b3486091c658a
https://git.kernel.org/stable/c/3267bcb744ee8a2feabaa7ab69473f086f67fd71
https://git.kernel.org/stable/c/4de6a43e8ecf961feabddf0e9d6911081d2ed218
https://git.kernel.org/stable/c/621f2f43741b51f62d767eb4752fbcefe2526926
https://git.kernel.org/stable/c/98e8aed64614b0c199d5f0391fbe1a4331cb5773
https://git.kernel.org/stable/c/d3e32a612c6391ca9b7c183aeec22b4fd24c300c
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-23446 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-23446 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-23446 vulnerability anywhere in the article.

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-23446 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Apr. 03, 2026

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtime_resume_and_get() rpm_resume() - here we call rpm_resume() on our parent rpm_resume() - Here we wait for a status change that will never happen. At this point we block another task which holds rtnl_lock and locks up the whole networking stack. Fix this by replacing the write_cmd calls with their _nopm variants
    Added Reference https://git.kernel.org/stable/c/069c8f5aebe4d5224cf62acc7d4b3486091c658a
    Added Reference https://git.kernel.org/stable/c/3267bcb744ee8a2feabaa7ab69473f086f67fd71
    Added Reference https://git.kernel.org/stable/c/4de6a43e8ecf961feabddf0e9d6911081d2ed218
    Added Reference https://git.kernel.org/stable/c/621f2f43741b51f62d767eb4752fbcefe2526926
    Added Reference https://git.kernel.org/stable/c/98e8aed64614b0c199d5f0391fbe1a4331cb5773
    Added Reference https://git.kernel.org/stable/c/d3e32a612c6391ca9b7c183aeec22b4fd24c300c
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
No CVSS metrics available for this vulnerability.