CVE-2026-23446Deadlock in Linux

CWE-833Deadlock6 documents6 sources
Severity
6.9MEDIUM
No vector
EPSS
0.0%
top 90.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 3

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task hung in rpm_resume" This is caused by aqc111_suspend calling the PM variant of its write_cmd routine. The simplified call trace looks like this: rpm_suspend() usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING aqc111_suspend() - called for the usb device interface aqc111_write32_cmd() usb_autopm_get_interface() pm_runtim

Affected Packages3 packages

Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linuxe58ba4544c7771591d1e3157bc01b4a8e4d1c3fc621f2f43741b51f62d767eb4752fbcefe2526926+6
debiandebian/linux< linux 6.19.10-1 (forky)

🔴Vulnerability Details

2
OSV
CVE-2026-23446: In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task h2026-04-03
GHSA
GHSA-mqjm-rhm6-4854: In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Do not perform PM inside suspend callback syzbot reports "task2026-04-03

📋Vendor Advisories

2
Red Hat
kernel: net: usb: aqc111: Do not perform PM inside suspend callback2026-04-03
Debian
CVE-2026-23446: linux - In the Linux kernel, the following vulnerability has been resolved: net: usb: a...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23446 Impact, Exploitability, and Mitigation Steps | Wiz