CVE-2026-43170

Summary

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: gadget: Move vbus draw to workqueue context

Currently dwc3_gadget_vbus_draw() can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading to kernel panic.

Fix this by moving the vbus_draw into a workqueue context.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux99288de36020c5a6976df77e53ac449b0f75c97f < 76c1123ffccfaba95cf4ecc2a50f95504a522424affected
LinuxLinux99288de36020c5a6976df77e53ac449b0f75c97f < a7a80c25b65112768eeba58a7af129d3c52a6d90affected
LinuxLinux99288de36020c5a6976df77e53ac449b0f75c97f < 2333653ef854c2cc124077f71a8526f03bf6e06aaffected
LinuxLinux99288de36020c5a6976df77e53ac449b0f75c97f < 74a231e3d99d310497ab0ccb359539a6063b316aaffected
LinuxLinux99288de36020c5a6976df77e53ac449b0f75c97f < 54aaa3b387c2f580a99dc86a9cc2eb6dfaf599a7affected
LinuxLinux5.13affected
LinuxLinux0 < 5.13unaffected
LinuxLinux6.6.128 <= 6.6.*unaffected
LinuxLinux6.12.75 <= 6.12.*unaffected
LinuxLinux6.18.16 <= 6.18.*unaffected
LinuxLinux6.19.6 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References