Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the workqueue is cleaned up.

INFO

Published Date :

2025-03-07T09:09:57.515Z

Last Modified :

2025-11-03T19:37:56.459Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-21838 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-21838.

URL Resource
https://git.kernel.org/stable/c/399a45e5237ca14037120b1b895bd38a3b4492ea cve-icon cve-icon
https://git.kernel.org/stable/c/859cb45aefa6de823b2fa7f229fe6d9562c9f3b7 cve-icon cve-icon
https://git.kernel.org/stable/c/97695b5a1b5467a4f91194db12160f56da445dfe cve-icon cve-icon
https://git.kernel.org/stable/c/e3bc1a9a67ce33a2e761e6e7b7c2afc6cb9b7266 cve-icon cve-icon
https://git.kernel.org/stable/c/f894448f3904d7ad66fecef8f01fe0172629e091 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html cve-icon
https://lore.kernel.org/linux-cve-announce/2025030706-CVE-2025-21838-5ade@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-21838 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-21838 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact