CVE-2025-39801
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-11-03

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn' is enabled and unnecessary call trace prints when 'panic_on_warn' is disabled. It is seen during fast software-controlled connect/disconnect testcases. The following is one such endpoint command timeout that we observed: 1. Connect ======= ->dwc3_thread_interrupt ->dwc3_ep0_interrupt ->configfs_composite_setup ->composite_setup ->usb_ep_queue ->dwc3_gadget_ep0_queue ->__dwc3_gadget_ep0_queue ->__dwc3_ep0_do_control_data ->dwc3_send_gadget_ep_cmd 2. Disconnect ========== ->dwc3_thread_interrupt ->dwc3_gadget_disconnect_interrupt ->dwc3_ep0_reset_state ->dwc3_ep0_end_control_data ->dwc3_send_gadget_ep_cmd In the issue scenario, in Exynos platforms, we observed that control transfers for the previous connect have not yet been completed and end transfer command sent as a part of the disconnect sequence and processing of USB_ENDPOINT_HALT feature request from the host timeout. This maybe an expected scenario since the controller is processing EP commands sent as a part of the previous connect. It maybe better to remove WARN_ON in all places where device endpoint commands are sent to avoid unnecessary kernel panic due to warn.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-11-03
Generated
2026-05-06
AI Q&A
2025-09-15
EPSS Evaluated
2026-05-05
NVD
CVE-2025-39801
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel 6.1.153
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

If your system uses the affected Linux kernel USB driver and is configured with panic_on_warn enabled, this vulnerability can cause unexpected kernel panics during rapid USB device connect and disconnect operations. This can lead to system instability or crashes. Without panic_on_warn enabled, it may cause unnecessary kernel warning messages and call trace prints, which could clutter logs but not crash the system.


Can you explain this vulnerability to me?

This vulnerability involves a rarely observed endpoint command timeout in the Linux kernel's USB driver (dwc3). During fast software-controlled connect/disconnect test cases, certain USB control transfers from a previous connection may not complete before a disconnect sequence begins, causing a timeout. This timeout triggers a WARN_ON warning, which can lead to a kernel panic if the system is configured to panic on warnings. The fix removes these WARN_ON calls to prevent unnecessary kernel panics and call trace prints caused by these timeouts.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart