CVE-2026-23446

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: usb: aqc111: Do not perform PM inside suspend callback<br /> <br /> syzbot reports "task hung in rpm_resume"<br /> <br /> This is caused by aqc111_suspend calling<br /> the PM variant of its write_cmd routine.<br /> <br /> The simplified call trace looks like this:<br /> <br /> rpm_suspend()<br /> usb_suspend_both() - here udev-&gt;dev.power.runtime_status == RPM_SUSPENDING<br /> aqc111_suspend() - called for the usb device interface<br /> aqc111_write32_cmd()<br /> usb_autopm_get_interface()<br /> pm_runtime_resume_and_get()<br /> rpm_resume() - here we call rpm_resume() on our parent<br /> rpm_resume() - Here we wait for a status change that will never happen.<br /> <br /> At this point we block another task which holds<br /> rtnl_lock and locks up the whole networking stack.<br /> <br /> Fix this by replacing the write_cmd calls with their _nopm variants