CVE-2026-43170
Awaiting Analysis Awaiting Analysis - Queue
USB Gadget VBUS Draw Race Condition in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Move vbus draw to workqueue context Currently dwc3_gadget_vbus_draw() can be called from atomic context, which in turn invokes power-supply-core APIs. And some these PMIC APIs have operations that may sleep, leading to kernel panic. Fix this by moving the vbus_draw into a workqueue context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-43170
EUVD
EUVD-2026-27731
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's USB driver for the dwc3 gadget. The function dwc3_gadget_vbus_draw() can be called from an atomic context, but it invokes power-supply-core APIs that may perform operations that can sleep. Since sleeping is not allowed in atomic context, this can lead to a kernel panic. The fix involves moving the vbus_draw operation into a workqueue context where sleeping is permitted.

Impact Analysis

This vulnerability can cause the Linux kernel to panic due to improper context usage when calling power management APIs. A kernel panic results in a system crash, which can lead to denial of service, system instability, and potential data loss or corruption.

Mitigation Strategies

The vulnerability has been resolved by moving the vbus_draw operation into a workqueue context to avoid kernel panic caused by sleeping in atomic context.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43170. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart