Linux Kernel USB Gadget Workqueue Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's USB gadget subsystem can lead to improper workqueue management after a device is removed. The issue arises in the dwc3 driver, where the device_del() function can trigger new work to be scheduled in the gadget's workqueue before the workqueue is properly cleaned up. This can result in unexpected behavior or resource management issues.

Impact

The vulnerability can cause work to be scheduled in the gadget's workqueue after a device has been removed, potentially leading to resource management issues or unexpected behavior in the USB gadget subsystem.

Remediation

The vulnerability has been addressed by modifying the workqueue management to ensure it is properly flushed after the device removal. Users should apply the latest patches available in the Linux kernel to address this issue.
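The ordering problem described above, as an added example that is not the kernel's code and not from the original advisory: a small userspace model in which removal queues new work, comparing a flush before removal with a flush after it. All names ending in `_model`, the struct layouts, and the assumption that the pre-fix teardown flushed before calling device_del() are hypothetical.

```c
/* Userspace model (constructed for illustration, not kernel code). */
#include <stdbool.h>
#include <stdio.h>

struct work { bool pending; };

struct gadget {
    struct work work;   /* stands in for the gadget's work item */
    bool registered;
};

static void schedule_work_model(struct work *w) { w->pending = true; }

/* Model of a flush: work queued so far completes; work queued later is unaffected. */
static void flush_work_model(struct work *w) { w->pending = false; }

/* Model of removal: per the advisory, removal can cause new work to be queued. */
static void device_del_model(struct gadget *g)
{
    g->registered = false;
    schedule_work_model(&g->work);
}

/* Assumed pre-fix order: flush, then remove. Returns true if work is left pending. */
static bool teardown_flush_before_del(void)
{
    struct gadget g = { .work = { .pending = true }, .registered = true };
    flush_work_model(&g.work);
    device_del_model(&g);          /* queues work after the flush already ran */
    return g.work.pending;
}

/* Order described in the remediation: remove, then flush. */
static bool teardown_flush_after_del(void)
{
    struct gadget g = { .work = { .pending = true }, .registered = true };
    device_del_model(&g);
    flush_work_model(&g.work);     /* also covers work queued during removal */
    return g.work.pending;
}

int main(void)
{
    printf("flush before removal: pending=%d\n", teardown_flush_before_del());
    printf("flush after removal:  pending=%d\n", teardown_flush_after_del());
    return 0;
}
```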

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.