Description
In the Linux kernel, the following vulnerability has been resolved:

net: usb: aqc111: Do not perform PM inside suspend callback

syzbot reports "task hung in rpm_resume"

This is caused by aqc111_suspend calling
the PM variant of its write_cmd routine.

The simplified call trace looks like this:

rpm_suspend()
  usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING
    aqc111_suspend() - called for the usb device interface
      aqc111_write32_cmd()
        usb_autopm_get_interface()
          pm_runtime_resume_and_get()
            rpm_resume() - here we call rpm_resume() on our parent
              rpm_resume() - Here we wait for a status change that will never happen.

At this point we block another task which holds
rtnl_lock and locks up the whole networking stack.

Fix this by replacing the write_cmd calls with their _nopm variants
Published: 2026-04-03
Score: n/a
EPSS: n/a
KEV: No
Impact: Kernel Hang leading to system freeze
Action: Apply Patch
AI Analysis

Impact

A flaw in the Linux kernel’s aqc111 USB driver performs a power‑management operation during device suspend that leads to a deadlock. The driver’s suspend routine invokes a write command that internally calls a runtime power‑management function. This causes the kernel to block waiting for a status change that never occurs, locking the networking stack and ultimately freezing the system. The impact is a denial of availability for the entire host because the kernel cannot recover without a reboot.

Affected Systems

The vulnerability exists in any Linux kernel build that contains the aqc111 driver prior to the upstream patch that replaces the write_cmd calls in the suspend path with their _nopm variants. No specific affected‑version list is provided, so all kernels that ship the unpatched driver code may be vulnerable.

Risk and Exploitability

No CVSS score is supplied and EPSS information is unavailable; the weakness is not listed in the CISA KEV catalog, indicating that it has not been reported as widely exploited yet. Exploitation requires a local or privileged user who can trigger a USB suspend cycle on a device that uses the aqc111 driver—plugging or unplugging such a device can reproduce the hang. The attack vector is therefore inferred to be local with the precondition that the driver is active on the target system.

Generated by OpenCVE AI on April 3, 2026 at 18:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the upstream kernel patch that replaces aqc111_write32_cmd with its _nopm variant
  • Upgrade to a kernel version that includes the fix
  • Verify that the driver's suspend callback (aqc111_suspend) no longer calls the PM variants of its write_cmd routines
  • If an immediate upgrade is not possible, avoid suspending USB devices that use the aqc111 driver until a patch is applied
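
The check below is an added example, not part of the OpenCVE record or the kernel patch. It lists USB devices bound to the aqc111 driver and reports whether runtime suspend is permitted for each, assuming the driver registers as "aqc111" under /sys/bus/usb/drivers and relying on the standard USB power/control attribute; the function name and output format are made up for this illustration.

```shell
#!/bin/sh
# Added example: audit the runtime-PM policy of USB devices bound to aqc111.
# Assumption: the driver appears as "aqc111" under <sysfs>/bus/usb/drivers.
# aqc111_pm_audit is a hypothetical helper name, not a kernel or OpenCVE tool.

aqc111_pm_audit() {
    root=${1:-/sys}                      # sysfs root; override for offline testing
    drv="$root/bus/usb/drivers/aqc111"
    if [ ! -d "$drv" ]; then
        echo "driver-not-loaded"
        return 0
    fi
    found=0
    # Bound interfaces are entries named like "2-1:1.0"; the bind/unbind
    # control files in the same directory contain no ':' and are skipped.
    for path in "$drv"/*:*; do
        [ -e "$path" ] || continue       # glob matched nothing
        intf=${path##*/}                 # e.g. 2-1:1.0
        dev=${intf%%:*}                  # owning USB device, e.g. 2-1
        ctl="$root/bus/usb/devices/$dev/power/control"
        state=unknown
        if [ -r "$ctl" ]; then
            state=$(cat "$ctl")
        fi
        case $state in
            auto) verdict=runtime-suspend-allowed ;;   # kernel may autosuspend
            on)   verdict=runtime-suspend-blocked ;;   # device kept active
            *)    verdict=unknown ;;
        esac
        echo "$dev $intf $state $verdict"
        found=1
    done
    if [ "$found" -eq 0 ]; then
        echo "no-interfaces-bound"
    fi
}

# Stand-alone use: audit the live system, or a sysfs copy given as $1.
aqc111_pm_audit "${1:-/sys}"
```

Writing "on" to a listed device's power/control attribute as root prevents runtime autosuspend of that device; it does not affect system-wide suspend.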

Advisories

No advisories yet.

History

Sat, 04 Apr 2026 01:15:00 +0000


Fri, 03 Apr 2026 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Fri, 03 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description (same text as the Description section at the top of this page)
Title net: usb: aqc111: Do not perform PM inside suspend callback
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-04-03T15:15:29.863Z

Reserved: 2026-01-13T15:37:46.019Z

Link: CVE-2026-23446

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-03T16:16:30.317

Modified: 2026-04-03T16:16:30.317

Link: CVE-2026-23446

Redhat

Severity :

Public Date: 2026-04-03T00:00:00Z

Links: CVE-2026-23446 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-03T21:16:06Z

Weaknesses