In the Linux kernel, the following vulnerability has been resolved:
usb: dwc2: gadget: Fix spinlock/unlock mismatch in dwc2hsotgudcstop()
dwc2gadgetexitclockgating() internally calls callgadget() macro, which expects hsotg->lock to be held since it does spinunlock/spin_lock around the gadget driver callback invocation.
However, dwc2hsotgudcstop() calls dwc2gadgetexitclockgating() without holding the lock. This leads to: - spinunlock on a lock that is not held (undefined behavior) - The lock remaining held after dwc2gadgetexitclockgating() returns, causing a deadlock when spinlockirqsave() is called later in the same function.
Fix this by acquiring hsotg->lock before calling dwc2gadgetexitclockgating() and releasing it afterwards, which satisfies the locking requirement of the call_gadget() macro.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31756.json",
"cna_assigner": "Linux"
}