Description
In the Linux kernel, the following vulnerability has been resolved:

PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on

When PERST# is deasserted twice (assert -> deassert -> assert -> deassert),
a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc
(PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify()
and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers
on the controller core.

The call chain that causes the timeout:

pex_ep_event_pex_rst_deassert()
pci_epc_deinit_notify()
pci_epf_test_epc_deinit()
pci_epf_test_clear_bar()
pci_epc_clear_bar()
dw_pcie_ep_clear_bar()
__dw_pcie_ep_reset_bar()
dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register
reset_control_deassert(pcie->core_rst) <- Core powered on HERE

The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only
accessible after the controller core is powered on via
reset_control_deassert(pcie->core_rst). Accessing them before this point
results in a CBB timeout because the hardware is not yet operational.

Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to
after reset_control_deassert(pcie->core_rst), ensuring the controller is
fully powered on before any DBI register accesses occur.
Published: 2026-06-24
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A double deassertion of the PERST# signal on the Tegra194 PCIe controller triggers an improper deinitialization sequence in the driver, causing a DBI register (offset 0x8bc) to be accessed before the controller core is powered on. This timing fault forces a Control Backbone (CBB) timeout, halting the PCIe subsystem and potentially destabilizing the kernel, which manifests as a denial of service to the affected device. The flaw stems from an improper execution order (CWE‑367) where cleanup routines run before the core is ready.

Affected Systems

All systems running a Linux kernel that includes the Tegra194 PCIe driver and have not yet applied the patch are affected. This includes any boards or modules built with a Tegra194 platform that use the default kernel without the reported commit. The exact affected kernel versions are not listed, so all recent builds before the patch remain vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while an EPSS score of less than 1% implies a very low likelihood of exploitation. Based on the description, it is inferred that the attack vector is local or physical, requiring the ability to cause a double deassert of the PERST# signal or manipulate power‑cycling events. The vulnerability is not listed in CISA’s KEV catalog, which further suggests limited operational exposure. Overall risk is confined to environments where an attacker or automated power sequence can trigger the fault, potentially leading to PCIe device unavailability or kernel instability.

Generated by OpenCVE AI on June 27, 2026 at 04:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that incorporates the Tegra194 PCIe driver fix, which reorders the deinitialization steps to power on the core before any DBI register access.
  • If a recent kernel update is unavailable, cherry‑pick the commit that corrects the call your distribution.
  • After applying the patch, reboot the system and execute a double PERST# deassert test to confirm that no CBB timeout occurs and the PCIe devices remain operational.

Generated by OpenCVE AI on June 27, 2026 at 04:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 03:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-399

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-367
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Wed, 24 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
CWE-399

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.
Title PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:29:56.949Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53051

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Low

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53051 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T05:00:12Z

Weaknesses
  • CWE-367

    Time-of-check Time-of-use (TOCTOU) Race Condition