5.5

CVE-2026-31756

usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()

dwc2_gadget_exit_clock_gating() internally calls call_gadget() macro,
which expects hsotg->lock to be held since it does spin_unlock/spin_lock
around the gadget driver callback invocation.

However, dwc2_hsotg_udc_stop() calls dwc2_gadget_exit_clock_gating()
without holding the lock. This leads to:
 - spin_unlock on a lock that is not held (undefined behavior)
 - The lock remaining held after dwc2_gadget_exit_clock_gating() returns,
   causing a deadlock when spin_lock_irqsave() is called later in the
   same function.

Fix this by acquiring hsotg->lock before calling
dwc2_gadget_exit_clock_gating() and releasing it afterwards, which
satisfies the locking requirement of the call_gadget() macro.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 5.15.187 < 5.15.203
LinuxLinux Kernel Version >= 6.1.143 < 6.1.168
LinuxLinux Kernel Version >= 6.6.96 < 6.6.134
LinuxLinux Kernel Version >= 6.12.36 < 6.12.81
LinuxLinux Kernel Version >= 6.15.5 < 6.18.22
LinuxLinux Kernel Version >= 6.19 < 6.19.12
LinuxLinux Kernel Version7.0 Updaterc1
LinuxLinux Kernel Version7.0 Updaterc2
LinuxLinux Kernel Version7.0 Updaterc3
LinuxLinux Kernel Version7.0 Updaterc4
LinuxLinux Kernel Version7.0 Updaterc5
LinuxLinux Kernel Version7.0 Updaterc6
LinuxLinux Kernel Version7.0 Updaterc7
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.1% 0.008
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/e9fcca3e87463013d595c65c2189ffaa32ad3b50
Patch
https://git.kernel.org/stable/c/8ffe31acb3b77a30ae34d01719a269881569fb7f
Patch
https://git.kernel.org/stable/c/beab10429439e20708036a66fb0d97ffb79da6a1
Patch
https://git.kernel.org/stable/c/4ed9d2dd9f29828c311db6ec4b8e0d34bfd6d6a4
Patch
https://git.kernel.org/stable/c/61937f686290494998236c680ce0836b8dd63a3f
Patch
https://git.kernel.org/stable/c/51b62286fc668c6eb74dee7624ec0beec3c5a0ed
Patch
https://git.kernel.org/stable/c/9bb4b5ed7f8c4f95cc556bdf042b0ba2fa13557a
Patch