{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43170", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.990Z", "datePublished": "2026-05-06T11:27:46.021Z", "dateUpdated": "2026-05-11T22:19:08.468Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:19:08.468Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Move vbus draw to workqueue context\n\nCurrently dwc3_gadget_vbus_draw() can be called from atomic\ncontext, which in turn invokes power-supply-core APIs. And\nsome these PMIC APIs have operations that may sleep, leading\nto kernel panic.\n\nFix this by moving the vbus_draw into a workqueue context."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/core.c", "drivers/usb/dwc3/core.h", "drivers/usb/dwc3/gadget.c"], "versions": [{"version": "99288de36020c5a6976df77e53ac449b0f75c97f", "lessThan": "76c1123ffccfaba95cf4ecc2a50f95504a522424", "status": "affected", "versionType": "git"}, {"version": "99288de36020c5a6976df77e53ac449b0f75c97f", "lessThan": "a7a80c25b65112768eeba58a7af129d3c52a6d90", "status": "affected", "versionType": "git"}, {"version": "99288de36020c5a6976df77e53ac449b0f75c97f", "lessThan": "2333653ef854c2cc124077f71a8526f03bf6e06a", "status": "affected", "versionType": "git"}, {"version": "99288de36020c5a6976df77e53ac449b0f75c97f", "lessThan": "74a231e3d99d310497ab0ccb359539a6063b316a", "status": "affected", "versionType": "git"}, {"version": "99288de36020c5a6976df77e53ac449b0f75c97f", "lessThan": "54aaa3b387c2f580a99dc86a9cc2eb6dfaf599a7", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/usb/dwc3/core.c", "drivers/usb/dwc3/core.h", "drivers/usb/dwc3/gadget.c"], "versions": [{"version": "5.13", "status": "affected"}, {"version": "0", "lessThan": "5.13", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.128", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.6.128"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/76c1123ffccfaba95cf4ecc2a50f95504a522424"}, {"url": "https://git.kernel.org/stable/c/a7a80c25b65112768eeba58a7af129d3c52a6d90"}, {"url": "https://git.kernel.org/stable/c/2333653ef854c2cc124077f71a8526f03bf6e06a"}, {"url": "https://git.kernel.org/stable/c/74a231e3d99d310497ab0ccb359539a6063b316a"}, {"url": "https://git.kernel.org/stable/c/54aaa3b387c2f580a99dc86a9cc2eb6dfaf599a7"}], "title": "usb: dwc3: gadget: Move vbus draw to workqueue context", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8417E1B-91C8-497E-AA0A-CB8A761DC250", "versionEndExcluding": "6.6.128", "versionStartIncluding": "5.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCE16369-98ED-41CF-8995-DFDC10B288D2", "versionEndExcluding": "6.12.75", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4B8CDA9-BADF-4CF5-8B3B-702DE8EEA40B", "versionEndExcluding": "6.18.16", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "373EEEDA-FAA1-4FB4-B6ED-DB4DD99DBE67", "versionEndExcluding": "6.19.6", "versionStartIncluding": "6.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Move vbus draw to workqueue context\n\nCurrently dwc3_gadget_vbus_draw() can be called from atomic\ncontext, which in turn invokes power-supply-core APIs. And\nsome these PMIC APIs have operations that may sleep, leading\nto kernel panic.\n\nFix this by moving the vbus_draw into a workqueue context."}], "id": "CVE-2026-43170", "lastModified": "2026-05-13T14:52:52.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-05-06T12:16:35.320", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2333653ef854c2cc124077f71a8526f03bf6e06a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/54aaa3b387c2f580a99dc86a9cc2eb6dfaf599a7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/74a231e3d99d310497ab0ccb359539a6063b316a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/76c1123ffccfaba95cf4ecc2a50f95504a522424"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/a7a80c25b65112768eeba58a7af129d3c52a6d90"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: usb: dwc3: gadget: Move vbus draw to workqueue context", "id": "2467103", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467103"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-663", "details": ["A flaw was found in the Linux kernel's USB DWC3 gadget driver. This vulnerability occurs when the `dwc3_gadget_vbus_draw()` function is called from an atomic context, which then invokes power management integrated circuit (PMIC) APIs that may cause the system to sleep. An attacker could exploit this condition to trigger a kernel panic, leading to a Denial of Service (DoS) on the affected system."], "name": "CVE-2026-43170", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-05-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-43170\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-43170\nhttps://lore.kernel.org/linux-cve-announce/2026050635-CVE-2026-43170-01fa@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99288de36020c5a6976df77e53ac449b0f75c97f,76c1123ffccfaba95cf4ecc2a50f95504a522424)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99288de36020c5a6976df77e53ac449b0f75c97f,a7a80c25b65112768eeba58a7af129d3c52a6d90)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99288de36020c5a6976df77e53ac449b0f75c97f,2333653ef854c2cc124077f71a8526f03bf6e06a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99288de36020c5a6976df77e53ac449b0f75c97f,74a231e3d99d310497ab0ccb359539a6063b316a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[99288de36020c5a6976df77e53ac449b0f75c97f,54aaa3b387c2f580a99dc86a9cc2eb6dfaf599a7)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "5.13"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,5.13)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.128,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.75,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.16,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.6,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-05-06T14:15:05.987697+00:00", "updated": "2026-05-13T17:30:06.824598+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}