82 matches found
CVE-2026-63927
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix use after free in debug code We're not allowed to dereference "urb" after calling usbhcdgivebackurb so save the urb-status ahead of time...
CVE-2026-63927 usb: dwc2: Fix use after free in debug code
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix use after free in debug code We're not allowed to dereference "urb" after calling usbhcdgivebackurb so save the urb-status ahead of time...
EUVD-2026-45700
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix use after free in debug code We're not allowed to dereference "urb" after calling usbhcdgivebackurb so save the urb-status ahead of time...
CVE-2026-63927
The CVE affects the Linux kernel USB subsystem (dwc2 driver). The issue is a use-after-free in the debug path where the urb could be dereferenced after usb_hcd_giveback_urb(). The fix saves urb->status before returning the URB to avoid dereferencing after the giveback, preventing use-after-fre...
PT-2026-61244
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix use after free in debug code We're not allowed to dereference "urb" after calling usb hcd giveback urb so save the urb-status ahead of time...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - usb: dwc2: gadget: Fixed the mismatch between spinlock and unlock calls in dwc2hsotgudcstop. - dwc2gadgetexitclockgating: Internally calls the callgadget macro, which expects hsotg-lock to be held since it performs...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: usb:dwc2: Fixed a memory leak in dwc2hcdinit. usbcreatehcd will allocate memory for hcd, and we should call usbputhcd to free that memory when platformgetresource fails—this prevents the memory leak. The code has been modified to...
Astra Linux – Vulnerability in Qemu
A divide-by-zero issue was discovered in dwc2handlepacket in hw/usb/hcd-dwc2.c, within the hcd-dwc2 USB host controller emulation in QEMU. A malicious guest could exploit this flaw to crash the QEMU process on the host, resulting in a denial of service...
SUSE CVE-2026-31756
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
Linux Distros Unpatched Vulnerability : CVE-2026-31756
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be...
CVE-2026-31756
A flaw was found in the Linux kernel's dwc2 USB gadget driver. A local user could trigger an incorrect locking sequence within the dwc2hsotgudcstop function. This issue, a spinlock/unlock mismatch, can lead to a system deadlock, causing a Denial of Service DoS for the affected system...
CVE-2026-31756
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop dwc2gadgetexitclockgating internally calls callgadget macro, which expects hsotg-lock to be held since it does spinunlock/spinlock around the gadget driver...
PT-2026-36391
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A spin lock/unlock mismatch exists in the dwc2 hsotg udc stop function. The dwc2 gadget exit clock gating function internally utilizes the call gadget macro, which requires hsotg-lock to...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013316)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013316 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereference issue in DDMA completion flow. Fixed variable dereference issue ...
ROS-20260128-73-0021
A vulnerability in the drivers/usb/dwc2/platform.c module of the Linux operating system kernel is related to a memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993165)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993165 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hwenable upon suspend resume Each time the platform goes to low...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992569)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992569 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hwenable upon suspend resume Each time the platform goes to low...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989363)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989363 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platformgetresource It will cause null-ptr-deref if...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986633)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986633 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: Fix memory leak in dwc2hcdinit usbcreatehcd will alloc memory for hcd, and we should...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-986430)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986430 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platformgetresource It will cause null-ptr-deref if...