Home

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-24 | Updated 2026-06-24 | Assigner Linux

Product status

Default status
unaffected

72034050ccf4202cd6558b0afd2474f756ea3b9b (git) before 010983063a806720b45778d191335f8ea864fea3
affected

40e2125381dc11379112485e3eefdd25c6df5375 (git) before b059a41bdd5b202b2b9d7708403fb43c69689e53
affected

40e2125381dc11379112485e3eefdd25c6df5375 (git) before ce899f9c019591b73ef84b9afa332ed53beece25
affected

40e2125381dc11379112485e3eefdd25c6df5375 (git) before 34b3eef48d980cd37b876e128bbf314f69fb5d70
affected

70212c2300971506e986d95000d2745529cac9d7 (git)
affected

6.12.2 (semver) before 6.12.91
affected

6.11.11 (semver) before 6.12
affected

Default status
affected

6.13
affected

Any version before 6.13
unaffected

6.12.91 (semver)
unaffected

6.18.33 (semver)
unaffected

7.0.10 (semver)
unaffected

7.1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/010983063a806720b45778d191335f8ea864fea3

git.kernel.org/...c/b059a41bdd5b202b2b9d7708403fb43c69689e53

git.kernel.org/...c/ce899f9c019591b73ef84b9afa332ed53beece25

git.kernel.org/...c/34b3eef48d980cd37b876e128bbf314f69fb5d70

cve.org (CVE-2026-53051)

nvd.nist.gov (CVE-2026-53051)

Download JSON