CVE-2026-43324
Received Received - Intake
USB: dummy-hcd Interrupt Synchronization Error Fix

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9 ("USB: dummy-hcd: Fix erroneous synchronization change"), which added an emulated "interrupts enabled" flag together with code emulating synchronize_irq() (it waits until all current handler callbacks have returned). But the emulated interrupt-disable occurred too late, after the driver containing the handler callback routines had been told that it was unbound and no more callbacks would occur. Commit 4a5d797a9f9c ("usb: gadget: dummy_hcd: fix gpf in gadget_setup") tried to fix this by moving the synchronize_irq() emulation code from dummy_stop() to dummy_pullup(), which runs before the unbind callback. There still were races, though, because the emulated interrupt-disable still occurred too late. It couldn't be moved to dummy_pullup(), because that routine can be called for reasons other than an impending unbind. Therefore commits 7dc0c55e9f30 ("USB: UDC core: Add udc_async_callbacks gadget op") and 04145a03db9d ("USB: UDC: Implement udc_async_callbacks in dummy-hcd") added an API allowing the UDC core to tell dummy-hcd exactly when emulated interrupts and their callbacks should be disabled. That brings us to the current state of things, which is still wrong because the emulated synchronize_irq() occurs before the emulated interrupt-disable! That's no good, beause it means that more emulated interrupts can occur after the synchronize_irq() emulation has run, leading to the possibility that a callback handler may be running when the gadget driver is unbound. To fix this, we have to move the synchronize_irq() emulation code yet again, to the dummy_udc_async_callbacks() routine, which takes care of enabling and disabling emulated interrupt requests. The synchronization will now run immediately after emulated interrupts are disabled, which is where it belongs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43324
EUVD
EUVD-2026-28608
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an interrupt synchronization error in the Linux kernel's dummy-hcd USB driver. The issue arises because the emulated interrupt-disable mechanism occurs too late, after the driver has been unbound, allowing interrupt callbacks to still run. This improper timing can cause race conditions where callbacks execute when they should not, potentially leading to unstable or unexpected behavior.

The problem stems from the synchronization code being placed incorrectly in the driver lifecycle. Previous fixes moved the synchronization code around, but it still ran before interrupts were fully disabled, allowing more interrupts and callbacks to occur after synchronization. The final fix moves the synchronization to a routine that properly disables interrupts before synchronizing, ensuring no callbacks run after unbinding.


How can this vulnerability impact me? :

This vulnerability can lead to race conditions in the USB dummy-hcd driver where interrupt callbacks may run after the driver has been unbound. This can cause instability or unexpected behavior in the system, potentially leading to crashes or other erratic USB device behavior.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed by updating the Linux kernel to a version that includes the patch for the dummy-hcd driver synchronization error.

Since the issue involves the USB dummy-hcd driver and its interrupt synchronization, applying the latest kernel updates from your Linux distribution that address this specific fix is the recommended immediate mitigation step.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart