CVE-2026-45911

In the Linux kernel, the following vulnerability has been resolved:

usb: cdns3: fix role switching during resume

If the role change while we are suspended, the cdns3 driver switches to the new mode during resume. However, switching to host mode in this context causes a NULL pointer dereference.

The host role's start() operation registers a xhci-hcd device, but its probe is deferred while we are in the resume path. The host role's resume() operation assumes the xhci-hcd device is already probed, which is not the case, leading to the dereference. Since the start() operation of the new role is already called, the resume operation can be skipped.

So skip the resume operation for the new role if a role switch occurs during resume. Once the resume sequence is complete, the xhci-hcd device can be probed in case of host mode.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000208 Mem abort info: ... Data abort info: ... [0000000000000208] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP Modules linked in: CPU: 0 UID: 0 PID: 146 Comm: sh Not tainted 6.19.0-rc7-00013-g6e64f4aabfae-dirty #135 PREEMPT Hardware name: Texas Instruments J7200 EVM (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : usb hcd is primary hcd+0x0/0x1c lr : cdns host resume+0x24/0x5c ... Call trace: usb hcd is primary hcd+0x0/0x1c (P) cdns resume+0x6c/0xbc cdns3 controller resume.isra.0+0xe8/0x17c cdns3 plat resume+0x18/0x24 platform pm resume+0x2c/0x68 dpm run callback+0x90/0x248 device resume+0x100/0x24c dpm resume+0x190/0x2ec dpm resume end+0x18/0x34 suspend devices and enter+0x2b0/0xa44 pm suspend+0x16c/0x5fc state store+0x80/0xec kobj attr store+0x18/0x2c sysfs kf write+0x7c/0x94 kernfs fop write iter+0x130/0x1dc vfs write+0x240/0x370 ksys write+0x70/0x108 arm64 sys write+0x1c/0x28 invoke syscall+0x48/0x10c el0 svc common.constprop.0+0x40/0xe0 do el0 svc+0x1c/0x28 el0 svc+0x34/0x108 el0t 64 sync handler+0xa0/0xe4 el0t 64 sync+0x198/0x19c Code: 52800003 f9407ca5 d63f00a0 17ffffe4 (f9410401) ---[ end trace 0000000000000000 ]---