PatchSiren

CVE-2026-45911 Linux CVE debrief

A NULL pointer dereference vulnerability exists in the Linux kernel's Cadence USB3 (cdns3) driver during system resume operations. The issue occurs when a USB role change happens while the system is suspended. Upon resume, the driver attempts to switch to host mode, but the xhci-hcd device registration is deferred during the resume path. The host role's resume() operation assumes the xhci-hcd device has already completed probing, which is not true in this scenario, leading to a NULL pointer dereference at virtual address 0x0000000000000208. The vulnerability manifests in the usb_hcd_is_primary_hcd function when called from cdns_host_resume during the resume sequence. The fix skips the resume operation for the new role when a role switch occurs during resume, allowing the xhci-hcd device to complete probing after the resume sequence finishes.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with Cadence USB3 controllers, particularly embedded systems using Texas Instruments J7200 or similar SoCs that rely on USB role switching and suspend/resume functionality. System administrators managing Linux kernels with USB OTG or dual-role controller configurations should prioritize this fix.

Technical summary

The cdns3 driver in the Linux kernel mishandles USB role changes that occur during system suspend. When resuming, if the role changed to host mode while suspended, the driver's resume path attempts to access xhci-hcd structures before the device has completed probing, resulting in a NULL pointer dereference. The fix modifies the resume logic to skip resume operations for newly switched roles, deferring xhci-hcd initialization until after the resume sequence completes.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates containing the fix commits when available from your Linux distribution
  • Monitor stable kernel releases for backported fixes to affected versions
  • Review systems using Cadence USB3 controllers for suspend/resume reliability
  • Consider disabling USB role switching during suspend if hardware/firmware permits
  • Test suspend/resume cycles on affected hardware after applying patches

Evidence notes

The vulnerability description and fix are sourced from the official CVE record and NVD entry. The NULL pointer dereference occurs at offset 0x208, with the crash happening in usb_hcd_is_primary_hcd when invoked from cdns_host_resume. The call trace shows the resume path through cdns_resume, cdns3_controller_resume, and platform_pm_resume. Multiple stable kernel commits are referenced, indicating backports to various kernel versions.
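
For triage on fleets that may already have hit this crash, the signature described above can be searched for in saved kernel logs. The following is an added example, not code from the CVE record or the kernel project: it flags an oops only when the fault address is 0x208 and both usb_hcd_is_primary_hcd and cdns_host_resume appear in the frames that follow. The log line layout, the 40-line search window and the sample log are assumptions constructed for illustration.

```python
import re

# Signature taken from the advisory: fault address 0x208 and the named frames.
# The dmesg line layout is an assumption (arm64-style oops output).
OOPS_START = re.compile(r"Unable to handle kernel ")
FAULT_208 = re.compile(r"NULL pointer dereference at virtual address (?:0x)?0*208\b")
FRAME = re.compile(r"\b([A-Za-z_]\w*)\+0x[0-9a-f]+/0x[0-9a-f]+")
REQUIRED = ("usb_hcd_is_primary_hcd", "cdns_host_resume")
CONTEXT = ("cdns_resume", "cdns3_controller_resume", "platform_pm_resume")
WINDOW = 40  # lines after the fault line that are searched for frames


def find_cdns3_resume_oops(lines):
    """Return one finding per oops that matches the advisory's signature."""
    findings = []
    for i, line in enumerate(lines):
        if not FAULT_208.search(line):
            continue
        frames = []
        for follow in lines[i + 1 : i + 1 + WINDOW]:
            if OOPS_START.search(follow):  # a different oops begins here
                break
            frames.extend(FRAME.findall(follow))
        if all(name in frames for name in REQUIRED):
            seen = [name for name in CONTEXT if name in frames]
            findings.append({"line": i, "resume_path": seen})
    return findings


# Constructed sample log: timestamps and +offset/size values are made up.
SAMPLE_LOG = """\
[  212.101] PM: suspend entry (deep)
[  212.345] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000208
[  212.346] pc : usb_hcd_is_primary_hcd+0x0/0x1c
[  212.347] Call trace:
[  212.348]  usb_hcd_is_primary_hcd+0x0/0x1c
[  212.349]  cdns_host_resume+0x24/0x5c
[  212.350]  cdns_resume+0x6c/0x90
[  212.351]  cdns3_controller_resume+0x78/0x120
[  212.352]  platform_pm_resume+0x2c/0x68
[  900.001] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[  900.003]  some_other_driver_resume+0x10/0x40
""".splitlines()

if __name__ == "__main__":
    for hit in find_cdns3_resume_oops(SAMPLE_LOG):
        print(f"line {hit['line']}: {SAMPLE_LOG[hit['line']]}")
        print("  resume path frames:", ", ".join(hit["resume_path"]))
```

An empty resume_path on a hit means the two required frames were present but the rest of the resume chain was not captured, for example in a truncated log.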
