CVE-2023-54159 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it may lock @mtu->lock and free qmu ring, then qmu irq hanlder may get a NULL gpd, avoid the KE by checking gpd's value before handling it. e.g. qmu done irq on cpu0 thread running on cpu1 qmu_done_tx() handle gpd [0] mtu3_requ_complete() mtu3_gadget_ep_disable() unlock @mtu->lock give back request lock @mtu->lock mtu3_ep_disable() mtu3_gpd_ring_free() unlock @mtu->lock lock @mtu->lock get next gpd [1] [1]: goto [0] to handle next gpd, and next gpd may be NULL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/012936502a9cb7b0604e85bb961eb15e2bb40dd9
https://git.kernel.org/stable/c/26ca30516b2c49dd04c134cbdf122311c538df98
https://git.kernel.org/stable/c/3a7d4959560a2ee493ef222e3b63d359365f41ec
https://git.kernel.org/stable/c/b636aff94a67be46582d4321d11743f1a10cc2c1
https://git.kernel.org/stable/c/d28f4091ea7ec3510fd6a3c6d433234e7a2bef14
https://git.kernel.org/stable/c/ee53a7a88027cea765c68f3b00a50b8f58d6f786
https://git.kernel.org/stable/c/f26273428657ef4ca74740e578ae45a3be492f6f

History

Wed, 24 Dec 2025 13:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix kernel panic at qmu transfer done irq handler When handle qmu transfer irq, it will unlock @mtu->lock before give back request, if another thread handle disconnect event at the same time, and try to disable ep, it may lock @mtu->lock and free qmu ring, then qmu irq hanlder may get a NULL gpd, avoid the KE by checking gpd's value before handling it. e.g. qmu done irq on cpu0 thread running on cpu1 qmu_done_tx() handle gpd [0] mtu3_requ_complete() mtu3_gadget_ep_disable() unlock @mtu->lock give back request lock @mtu->lock mtu3_ep_disable() mtu3_gpd_ring_free() unlock @mtu->lock lock @mtu->lock get next gpd [1] [1]: goto [0] to handle next gpd, and next gpd may be NULL.
Title		usb: mtu3: fix kernel panic at qmu transfer done irq handler
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/012936502a9cb7b0604e85bb961eb15e2bb40dd9 https://git.kernel.org/stable/c/26ca30516b2c49dd04c134cbdf122311c538df98 https://git.kernel.org/stable/c/3a7d4959560a2ee493ef222e3b63d359365f41ec https://git.kernel.org/stable/c/b636aff94a67be46582d4321d11743f1a10cc2c1 https://git.kernel.org/stable/c/d28f4091ea7ec3510fd6a3c6d433234e7a2bef14 https://git.kernel.org/stable/c/ee53a7a88027cea765c68f3b00a50b8f58d6f786 https://git.kernel.org/stable/c/f26273428657ef4ca74740e578ae45a3be492f6f

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-12-24T13:07:08.207Z

Updated: 2025-12-24T13:07:08.207Z

Reserved: 2025-12-24T13:02:52.531Z

Link: CVE-2023-54159

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-12-24T13:16:17.960

Modified: 2025-12-24T13:16:17.960

Link: CVE-2023-54159

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object