CVE-2026-31756
Published: May 1, 2026
Modified: May 23, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() dwc2_gadget_exit_clock_gating() internally calls call_gadget() macro, which expects hsotg->lock to be held since it does spin_unlock/spin_lock around the gadget driver callback invocation. However, dwc2_hsotg_udc_stop() calls dwc2_gadget_exit_clock_gating() without holding the lock. This leads to: - spin_unlock on a lock that is not held (undefined behavior) - The lock remaining held after dwc2_gadget_exit_clock_gating() returns, causing a deadlock when spin_lock_irqsave() is called later in the same function. Fix this by acquiring hsotg->lock before calling dwc2_gadget_exit_clock_gating() and releasing it afterwards, which satisfies the locking requirement of the call_gadget() macro.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 5cb3cb3db317c58d50b68f3ca3bb8343ea9d1acd - < e9fcca3e87463013d595c65c2189ffaa32ad3b50affected 1ac826cebc2776f91569f2aa9c9c3da2375d2096 - < 8ffe31acb3b77a30ae34d01719a269881569fb7faffected 41732f9febdccb4f9b87c13cb915d717d68ccafd - < beab10429439e20708036a66fb0d97ffb79da6a1affected ba78c2b3254c4a458c01776612e8a573e12f8d26 - < 4ed9d2dd9f29828c311db6ec4b8e0d34bfd6d6a4affected af076a41f8a28faf9ceb9dd2d88aef2c202ef39a - < 61937f686290494998236c680ce0836b8dd63a3f+8 more versions |
Linux | Linux | affected 6.16unaffected 0 - < 6.16unaffected 5.15.203 - <= 5.15.*unaffected 6.1.168 - <= 6.1.*unaffected 6.6.134 - <= 6.6.*+4 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now