CVE-2026-43423
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: Fix atomic context locking issue
The ncm_set_alt function was holding a mutex to protect against races with configfs, which invokes the might-sleep function inside an atomic context.
Remove the struct net_device pointer from the f_ncm_opts structure to eliminate the contention. The connection state is now managed by a new boolean flag to preserve the use-after-free fix from commit 6334b8e4553c ("usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error").
BUG: sleeping function called from invalid context Call Trace: dump_stack_lvl+0x83/0xc0 dump_stack+0x14/0x16 __might_resched+0x389/0x4c0 __might_sleep+0x8e/0x100 … __mutex_lock+0x6f/0x1740 … ncm_set_alt+0x209/0xa40 set_config+0x6b6/0xb40 composite_setup+0x734/0x2b40 …
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | b62076e780a2121903ecf9ffdfb89c64647cb7da < e533a44fb1b337d14f772585b67328bee2e0b5e3 | affected |
| Linux | Linux | 188338c1827842f898761a939669cf345bdf07e2 < e95120b4b95ef1c16d8e94e201ae89f5e59e2612 | affected |
| Linux | Linux | 56a512a9b4107079f68701e7d55da8507eb963d9 < 0d6c8144ca4d93253de952a5ea0028c19ed7ab68 | affected |
| Linux | Linux | 6.18.17 < 6.18.19 | affected |
| Linux | Linux | 6.19.7 < 6.19.9 | affected |
Weaknesses
References
- https://git.kernel.org/stable/c/e533a44fb1b337d14f772585b67328bee2e0b5e3
- https://git.kernel.org/stable/c/e95120b4b95ef1c16d8e94e201ae89f5e59e2612
- https://git.kernel.org/stable/c/0d6c8144ca4d93253de952a5ea0028c19ed7ab68
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.