Linux Kernel ACPI Companion Assignment Vulnerability in DWC3 USB Host Controller

Vulnerability

A vulnerability in the Linux kernel's DWC3 USB host controller implementation has been addressed. The issue arose from the unnecessary assignment of ACPI companions to xHCI ports and USB devices, which inadvertently replaced the secondary pointer of the firmware node for the parent DWC3 device. This unintentional sharing of the primary firmware node created potential side effects, such as resource leaks. The vulnerability has been resolved by stopping the ACPI companion assignment, as it is no longer needed.

Impact

The vulnerability could lead to resource leaks by unintentionally sharing the primary firmware node between the ACPI companion and the parent DWC3 device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel ACPI Companion Assignment Vulnerability in DWC3 USB Host Controller

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating