74 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb:dwc3:gadget: Move vbus draw to workqueue context Currently, dwc3gadgetvbusdraw can be called from an atomic context, which in turn invokes APIs from power-supply-core. Some of these PMIC APIs have operations that may enter a...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: A fix was made to the NULL pointer dereference in dwc3gadgetsuspend. In current scenarios where “Plug-out” and “Plug-In” operations are performed continuously, there is a possibility that a NULL pointer...
SUSE CVE-2026-43170
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...
CVE-2026-43170
A flaw was found in the Linux kernel's USB DWC3 gadget driver. This vulnerability occurs when the dwc3gadgetvbusdraw function is called from an atomic context, which then invokes power management integrated circuit PMIC APIs that may cause the system to sleep. An attacker could exploit this...
EUVD-2026-27731
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...
CVE-2026-43170
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...
CVE-2026-43170
CVE-2026-43170 affects the Linux kernel USB DWC3 gadget driver. The vulnerability arises when dwc3_gadget_vbus_draw() is called from atomic context and may invoke PMIC APIs that sleep, risking kernel panic. The fix moves vbus_draw to a workqueue context, mitigating sleep in atomic operations. Aff...
CVE-2026-43170 usb: dwc3: gadget: Move vbus draw to workqueue context
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...
CVE-2026-43170
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3gadgetvbusdraw can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading...
PT-2026-37510
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists where the dwc3 gadget vbus draw function can be called from an atomic context. This function invokes power-supply-core APIs, some of which contain PMIC Power Management...
Azure Linux 3.0 Security Update: kernel (CVE-2025-37810)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-37810 advisory. - In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event coun...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003649)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003649 advisory. In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with fhid. Tenable has extracted the precedin...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992746)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992746 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992656)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992656 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...
kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event buffer length. Check...
AlmaLinux 10 : kernel (ALSA-2025:16354)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:16354 advisory. kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length CVE-2025-37810 kernel: sunrpc: fix handling of server side tls...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986840)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986840 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3gadgetexit if dwc-gadget is NULL There exists a possible scenari...
RockyLinux 10 : kernel (RLSA-2025:16354)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16354 advisory. kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length CVE-2025-37810 kernel: sunrpc: fix handling of server side tls...