VYPR
Unrated severityNVD Advisory· Published Dec 24, 2025· Updated Apr 15, 2026

CVE-2023-54159

CVE-2023-54159

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: mtu3: fix kernel panic at qmu transfer done irq handler

When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it may lock @mtu->lock and free qmu ring, then qmu irq hanlder may get a NULL gpd, avoid the KE by checking gpd's value before handling it.

e.g. qmu done irq on cpu0 thread running on cpu1

qmu_done_tx() handle gpd [0] mtu3_requ_complete() mtu3_gadget_ep_disable() unlock @mtu->lock give back request lock @mtu->lock mtu3_ep_disable() mtu3_gpd_ring_free() unlock @mtu->lock lock @mtu->lock get next gpd [1]

[1]: goto [0] to handle next gpd, and next gpd may be NULL.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

76

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.