Linux Kernel USB Gadget Suspend-Resume Issue Affects Data Transfer Stability
CVE-2025-38376
What is CVE-2025-38376?
A vulnerability exists in the USB gadget subsystem of the Linux kernel, triggered during device suspend and resume cycles. When a USB gadget configured as an Ethernet device is actively transferring data and subsequently transitions to suspend, the suspended USB device controller conflicts with the still-active USB bus. The system hangs when the USB controller's registers are accessed after the controller has been suspended. The issue can be mitigated by properly disconnecting the device from the host before entering the suspend state, which prevents unwanted data transfer operations and ensures the connection is re-established gracefully when the system wakes.
Affected Version(s)
Linux 235ffc17d0146d806f6ad8c094c24ff4878f2edb < 937f49be49d6ee696eb5457c21ff89c135c9b5ae
Linux 235ffc17d0146d806f6ad8c094c24ff4878f2edb
Linux 235ffc17d0146d806f6ad8c094c24ff4878f2edb < 5fd585fedb79bac2af9976b0fa3ffa354f0cc0bb