What is CVE-2026-53051?

CVE-2026-53051 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.12.2 onward and patched in 6.12.91, 6.18.33, 7.0.10 and others. CVE-2026-53051 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53051?

CVE-2026-53051 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53051?

Yes, CVE-2026-53051 has been patched. Fixed versions include 6.12.91, 6.18.33, 7.0.10 and others. If you are running Linux kernel 6.12.2 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2026-53051 actively exploited?

CVE-2026-53051 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53051

In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Fix CBB timeout caused by DBI access before core power-on When PERST# is deasserted twice (assert -> deassert -> assert -> deassert), a CBB (Control Backbone) timeout occurs at DBI register offset 0x8bc (PCIE_MISC_CONTROL_1_OFF). This happens because pci_epc_deinit_notify() and dw_pcie_ep_cleanup() are called before reset_control_deassert() powers on the controller core. The call chain that causes the timeout: pex_ep_event_pex_rst_deassert() pci_epc_deinit_notify() pci_epf_test_epc_deinit() pci_epf_test_clear_bar() pci_epc_clear_bar() dw_pcie_ep_clear_bar() __dw_pcie_ep_reset_bar() dw_pcie_dbi_ro_wr_en() <- Accesses 0x8bc DBI register reset_control_deassert(pcie->core_rst) <- Core powered on HERE The DBI registers, including PCIE_MISC_CONTROL_1_OFF (0x8bc), are only accessible after the controller core is powered on via reset_control_deassert(pcie->core_rst). Accessing them before this point results in a CBB timeout because the hardware is not yet operational. Fix this by moving pci_epc_deinit_notify() and dw_pcie_ep_cleanup() to after reset_control_deassert(pcie->core_rst), ensuring the controller is fully powered on before any DBI register accesses occur.

Package Linux Kernel

Published 2026-06-24

Last modified 2026-06-24

Patch available

Yes

Affected versions

Linux kernel versions 6.12.2, 6.11.11, 6.13 and later are affected. Fixed in 6.12.91, 6.18.33, 7.0.10, 7.1 and their respective stable series.

Affected from

≥ 6.12.2 ≥ 6.11.11 ≥ 6.13

Fixed in

✓ 6.12.91 6.12.x ✓ 6.18.33 6.18.x ✓ 7.0.10 7.0.x ✓ 7.1

References

4 total

Frequently asked questions

What is CVE-2026-53051?

CVE-2026-53051 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.12.2 onward and has been patched in 6.12.91, 6.18.33, 7.0.10 and others. CVE-2026-53051 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2026-53051?

Yes — CVE-2026-53051 has been patched. Fixed versions include 6.12.91, 6.18.33, 7.0.10 and others. If you are running Linux kernel 6.12.2 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2026-53051 actively exploited?

No — CVE-2026-53051 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.