CVE-2026-43250

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in epnuke The ChipIdea UDC driver can encounter "not page aligned sg buffer" errors when a USB device is reconnected after being disconnected during an active transfer. This occurs becau...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007463)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007463 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from...

usb: gadget: udc: fix use-after-free in usb_gadget_state_work

...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986977)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986977 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc-dev.driver The syzbot fuzzer found a...

UBUNTU-CVE-2023-53418

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: lpc32xxudc: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremo...

CVE-2025-38376

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet scp a...

CVE-2025-38376

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet scp a b...

CVE-2025-38376 usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume

In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume Shawn and John reported a hang issue during system suspend as below: - USB gadget is enabled as Ethernet - There is data transfer over USB Ethernet scp a b...

UBUNTU-CVE-2022-49980

In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usbudcuevent The syzbot fuzzer found a race between uevent callbacks and gadget driver unregistration that can cause a use-after-free bug:...

DEBIAN-CVE-2024-57913

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Remove WARNON in functionfsbind This commit addresses an issue related to below kernel panic where paniconwarn is enabled. It is caused by the unnecessary use of WARNON in functionsfsbind, which easily leads to...

UBUNTU-CVE-2024-57913

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ffs: Remove WARNON in functionfsbind This commit addresses an issue related to below kernel panic where paniconwarn is enabled. It is caused by the unnecessary use of WARNON in functionsfsbind, which easily leads to...

CVE-2024-56698

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3request-numqueuedsgs is decremented on completion. If a partially completed request is handled, then the dwc3request-numqueuedsgs no longer reflects the total number of...

usb: gadget: aspeed_udc: validate endpoint index for ast udc

...

SUSE CVE-2024-35822

In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usbepqueue+0x7c/0x104 pc :...

DEBIAN-CVE-2021-46986

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints As part of commit e81a7018d93a "usb: dwc3: allocate gadget structure dynamically" the dwc3gadgetrelease was added which will free the dwc-gadget structure upon...