CVE-2025-21838

MEDIUM EPSS 8.3%
Published Mar 7, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 7, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: flush gadget workqueue after device removal device_del() can lead to new work being scheduled in gadget->work workqueue. This is observed, for example, with the dwc3 driver with the following call stack: device_del() gadget_unbind_driver() usb_gadget_disconnect_locked() dwc3_gadget_pullup() dwc3_gadget_soft_disconnect() usb_gadget_set_state() schedule_work(&gadget->work) Move flush_work() after device_del() to ensure the workqueue is cleaned up.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
8.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥3.12  –  <6.1.130
linuxlinux_kernel*≥6.2  –  <6.6.80
linuxlinux_kernel*≥6.7  –  <6.12.16
linuxlinux_kernel*≥6.13  –  <6.13.4
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 6

  • git.kernel.org https://git.kernel.org/stable/c/399a45e5237ca14037120b1b895bd38a3b4492ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/859cb45aefa6de823b2fa7f229fe6d9562c9f3b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97695b5a1b5467a4f91194db12160f56da445dfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3bc1a9a67ce33a2e761e6e7b7c2afc6cb9b7266
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f894448f3904d7ad66fecef8f01fe0172629e091
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/399a45e5237ca14037120b1b895bd38a3b4492ea
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/859cb45aefa6de823b2fa7f229fe6d9562c9f3b7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/97695b5a1b5467a4f91194db12160f56da445dfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e3bc1a9a67ce33a2e761e6e7b7c2afc6cb9b7266
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f894448f3904d7ad66fecef8f01fe0172629e091
    Patch