Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013081)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013081 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths This patch address...

kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

A use-after-free vulnerability was found in the DWC3 USB controller driver in the Linux kernel. Multiple unsynchronized execution paths can invoke dwc3removerequests concurrently, leading to premature freeing of USB requests. When one path frees requests while another is still processing them, a...

PT-2025-54085

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: don't reset device side if dwc3 was configured as host-only Commit c4a5153e87fd "usb: dwc3: core: Power-off core/PHYs on system suspend in host mode" replaces check for HOST only dr mode with current dr role. But durin...

usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths

...

EUVD-2025-203793

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking dwc3removerequests, leading to premature...

CVE-2022-50633 usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix memory leak in dwc3qcominterconnectinit oficcget alloc resources for path handle, we should release it when not need anymore. Like the release in dwc3qcominterconnectexit function. Add iccput in error handlin...

EUVD-2025-29185

Malicious code in bioql PyPI...

CVE-2025-39801 usb: dwc3: Remove WARN_ON for device endpoint command timeouts

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

CVE-2025-39801

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARNON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'paniconwarn' is enabled and unnecessary call trace prints...

Linux Distros Unpatched Vulnerability : CVE-2025-21838

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for...

PT-2025-20339

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue is related to the USB gadget functionality, specifically in the dwc3 driver. The problem occurs when the event count read...

SUSE CVE-2025-21838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

DEBIAN-CVE-2025-21838

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal devicedel can lead to new work being scheduled in gadget-work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: devicedel...

CVE-2025-21838

CVE-2025-21838: In the Linux kernel, the usb: gadget: core: flush gadget workqueue after device removal fix prevents leaking workqueue items when device_del() schedules new work (e.g., via dwc3). The root cause is device_del() potentially scheduling work in gadget->work, with the subsequent sc...

Linux Distros Unpatched Vulnerability : CVE-2021-47272

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3gadgetexit if dwc-gadget is NULL There exists a possible...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the usb dwc3 driver setting ACPI companion may lead to resource consumption...

CVE-2021-47220

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

AZL-13821 CVE-2023-22999 affecting package kernel for versions less than 5.15.102.1-1

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3qcomcreateursusbplatdev return value expects it to be NULL in the error case, whereas it is actually an error pointer...