In the Linux kernel, the following vulnerability has been resolved:
PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on
When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIEMISCCONTROL1OFF). This happens because pciepcdeinitnotify() and dwpcieepcleanup() are called before resetcontroldeassert() powers on the controller core.
The call chain that causes the timeout:
pexepeventpexrstdeassert() pciepcdeinitnotify() pciepftestepcdeinit() pciepftestclearbar() pciepcclearbar() dwpcieepclear_bar() __dwpcieepresetbar() dwpciedbirowren() <- Accesses 0x8bc DBI register resetcontroldeassert(pcie->corerst) <- Core powered on HERE
The DBI registers, including PCIEMISCCONTROL1OFF (0x8bc), are only accessible after the controller core is powered on via resetcontroldeassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational.
Fix this by moving pciepcdeinitnotify() and dwpcieepcleanup() to after resetcontroldeassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53051.json"
}