CVE-2023-54256
Device Reset Logic Flaw in Linux dwc3 USB Causes Kernel Panic
Publication date: 2025-12-30
Last updated on: 2025-12-30
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's USB driver for the dwc3 controller. During system boot, the current device role (host or device) isn't properly initialized, so the driver always performs a device-side reset, even when the dwc3 controller is configured as host-only. This improper reset can cause problems on some platforms, including a kernel panic, because the device register block is accessed incorrectly.
How can this vulnerability impact me?
If your system uses the dwc3 USB controller configured as host-only, this vulnerability can cause the kernel to panic during boot due to improper device-side resets. This can lead to system instability or crashes, potentially affecting availability and reliability.