In the Linux kernel, the following vulnerability has been...
Moderate severity
Unreviewed
Published
May 1, 2026
to the GitHub Advisory Database
•
Updated May 8, 2026
Description
Published by the National Vulnerability Database
May 1, 2026
Published to the GitHub Advisory Database
May 1, 2026
Last updated
May 8, 2026
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop()
dwc2_gadget_exit_clock_gating() internally calls call_gadget() macro,
which expects hsotg->lock to be held since it does spin_unlock/spin_lock
around the gadget driver callback invocation.
However, dwc2_hsotg_udc_stop() calls dwc2_gadget_exit_clock_gating()
without holding the lock. This leads to:
causing a deadlock when spin_lock_irqsave() is called later in the
same function.
Fix this by acquiring hsotg->lock before calling
dwc2_gadget_exit_clock_gating() and releasing it afterwards, which
satisfies the locking requirement of the call_gadget() macro.
References