CVE-2026-53051
Received Received - Intake
PCI CBB Timeout in Tegra194 Kernel Driver

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-53051
EUVD
EUVD-2026-38919
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in the Linux kernel related to the PCI subsystem for the tegra194 platform. Specifically, a Control Backbone (CBB) timeout happens when the PCI reset signal (PERST#) is deasserted twice in a sequence. The timeout is caused because certain functions that access DBI registers are called before the controller core is powered on.

The problem arises because the code accesses a DBI register at offset 0x8bc (PCIE_MISC_CONTROL_1_OFF) before the controller core is powered on via reset_control_deassert(). Since the hardware is not yet operational at this point, accessing these registers causes a timeout.

The fix involves reordering the calls so that the controller core is powered on first, before any DBI register accesses occur, preventing the timeout.

Impact Analysis

This vulnerability can cause a Control Backbone (CBB) timeout in the PCI subsystem of affected Linux kernel versions on the tegra194 platform. Such a timeout may lead to hardware communication issues or failures during PCI device reset sequences.

As a result, this could cause instability or malfunction of PCI devices relying on this controller, potentially impacting system reliability or performance.

Mitigation Strategies

To mitigate this vulnerability, ensure that the controller core is fully powered on before any DBI register accesses occur.

Specifically, the fix involves moving the calls to pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after the reset_control_deassert(pcie->core_rst) call, which powers on the controller core.

This prevents accessing DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), before the hardware is operational, thereby avoiding the CBB timeout.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53051. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart