CVE-2025-21838

Published Mar 7, 2025

Last updated a month ago

Overview

Description
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the workqueue is cleaned up.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Received

Social media

Hype score
Not currently trending

  1. New post from https://t.co/uXvPWJy6tj (CVE-2025-21838 | Linux Kernel up to 6.6.79/6.12.15/6.13.3/6.14-rc2 usb device_del state issue) has been published on https://t.co/gGH8QGvdgM

    @WolfgangSesin

    7 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References