{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23446", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.019Z", "datePublished": "2026-04-03T15:15:29.863Z", "dateUpdated": "2026-04-03T15:15:29.863Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T15:15:29.863Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: Do not perform PM inside suspend callback\n\nsyzbot reports \"task hung in rpm_resume\"\n\nThis is caused by aqc111_suspend calling\nthe PM variant of its write_cmd routine.\n\nThe simplified call trace looks like this:\n\nrpm_suspend()\n usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING\n aqc111_suspend() - called for the usb device interface\n aqc111_write32_cmd()\n usb_autopm_get_interface()\n pm_runtime_resume_and_get()\n rpm_resume() - here we call rpm_resume() on our parent\n rpm_resume() - Here we wait for a status change that will never happen.\n\nAt this point we block another task which holds\nrtnl_lock and locks up the whole networking stack.\n\nFix this by replacing the write_cmd calls with their _nopm variants"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/aqc111.c"], "versions": [{"version": "e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc", "lessThan": "621f2f43741b51f62d767eb4752fbcefe2526926", "status": "affected", "versionType": "git"}, {"version": "e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc", "lessThan": "4de6a43e8ecf961feabddf0e9d6911081d2ed218", "status": "affected", "versionType": "git"}, {"version": "e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc", "lessThan": "3267bcb744ee8a2feabaa7ab69473f086f67fd71", "status": "affected", "versionType": "git"}, {"version": "e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc", "lessThan": "d3e32a612c6391ca9b7c183aeec22b4fd24c300c", "status": "affected", "versionType": "git"}, {"version": "e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc", "lessThan": "98e8aed64614b0c199d5f0391fbe1a4331cb5773", "status": "affected", "versionType": "git"}, {"version": "e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc", "lessThan": "069c8f5aebe4d5224cf62acc7d4b3486091c658a", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/aqc111.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.167", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.130", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.78", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.1.167"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.6.130"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.12.78"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "7.0-rc5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/621f2f43741b51f62d767eb4752fbcefe2526926"}, {"url": "https://git.kernel.org/stable/c/4de6a43e8ecf961feabddf0e9d6911081d2ed218"}, {"url": "https://git.kernel.org/stable/c/3267bcb744ee8a2feabaa7ab69473f086f67fd71"}, {"url": "https://git.kernel.org/stable/c/d3e32a612c6391ca9b7c183aeec22b4fd24c300c"}, {"url": "https://git.kernel.org/stable/c/98e8aed64614b0c199d5f0391fbe1a4331cb5773"}, {"url": "https://git.kernel.org/stable/c/069c8f5aebe4d5224cf62acc7d4b3486091c658a"}], "title": "net: usb: aqc111: Do not perform PM inside suspend callback", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: aqc111: Do not perform PM inside suspend callback\n\nsyzbot reports \"task hung in rpm_resume\"\n\nThis is caused by aqc111_suspend calling\nthe PM variant of its write_cmd routine.\n\nThe simplified call trace looks like this:\n\nrpm_suspend()\n usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING\n aqc111_suspend() - called for the usb device interface\n aqc111_write32_cmd()\n usb_autopm_get_interface()\n pm_runtime_resume_and_get()\n rpm_resume() - here we call rpm_resume() on our parent\n rpm_resume() - Here we wait for a status change that will never happen.\n\nAt this point we block another task which holds\nrtnl_lock and locks up the whole networking stack.\n\nFix this by replacing the write_cmd calls with their _nopm variants"}], "id": "CVE-2026-23446", "lastModified": "2026-04-07T13:21:09.600", "metrics": {}, "published": "2026-04-03T16:16:30.317", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/069c8f5aebe4d5224cf62acc7d4b3486091c658a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3267bcb744ee8a2feabaa7ab69473f086f67fd71"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4de6a43e8ecf961feabddf0e9d6911081d2ed218"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/621f2f43741b51f62d767eb4752fbcefe2526926"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/98e8aed64614b0c199d5f0391fbe1a4331cb5773"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d3e32a612c6391ca9b7c183aeec22b4fd24c300c"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: net: usb: aqc111: Do not perform PM inside suspend callback", "id": "2454870", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454870"}, "csaw": false, "cwe": "CWE-833", "details": ["A flaw was found in the Linux kernel's aqc111 USB network driver. When the aqc111_suspend function is called, it incorrectly attempts to perform Power Management (PM) operations. This leads to a situation where a task hangs, preventing other critical networking operations and causing a Denial of Service (DoS) by locking up the entire networking stack."], "name": "CVE-2026-23446", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23446\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23446\nhttps://lore.kernel.org/linux-cve-announce/2026040315-CVE-2026-23446-65cf@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc,621f2f43741b51f62d767eb4752fbcefe2526926)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc,4de6a43e8ecf961feabddf0e9d6911081d2ed218)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc,3267bcb744ee8a2feabaa7ab69473f086f67fd71)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc,d3e32a612c6391ca9b7c183aeec22b4fd24c300c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc,98e8aed64614b0c199d5f0391fbe1a4331cb5773)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[e58ba4544c7771591d1e3157bc01b4a8e4d1c3fc,069c8f5aebe4d5224cf62acc7d4b3486091c658a)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.0"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.167,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.130,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.78,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-07T10:38:32.769916+00:00", "value": {"mitigation_remediation": ["Upgrade the kernel to a version that replaces the PM\u2011aware write routine in aqc111 with a PM\u2011free variant.", "Confirm the update by checking release notes or the driver source for the applied fix.", "If a kernel update cannot be applied immediately, disable runtime power management for the affected USB device by setting its power control sysfs entry to \"none\" or \"auto\" to prevent the suspend callback from executing the vulnerable code."], "summary": {"action": "Apply Patch", "impact": "Denial of Service via Network Stack Lock"}, "threat_synthesis": {"affected_systems": "Any Linux kernel that includes the unchanged aqc111 driver is vulnerable. All distributions shipping a kernel with this driver module, without the patch, are at risk. The vulnerability applies across the Linux kernel project and its variants. No specific kernel release series is listed, so pending existence of the code implies broad coverage.", "description_and_impact": "The aqc111 USB driver in the Linux kernel performs a power\u2011management write operation while handling a suspend callback. This action triggers a runtime PM resume that never completes, causing the task to block the networking lock and freeze the entire network stack. The result is a denial of network service for the affected system. The flaw is classified as a resource acquisition or use problem (CWE\u2011833).", "risk_and_exploitability": "Exploit probability is reported as less than 1\u202f% and the issue is not listed as a known exploited vulnerability. The vector is inferred as local; an attacker would need to manage the USB bus or provoke a suspend cycle on a connected aqc111 device inside the physical environment of the target. If successful, the impact would be a loss of network connectivity until the system is rebooted or the lock released. The overall risk is moderate due to the low likelihood yet critical effect on availability."}}}}, "created": "2026-04-03T21:13:51.951944+00:00", "updated": "2026-04-08T19:53:56.451562+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}