CVE-2026-53037

Source
https://cve.org/CVERecord?id=CVE-2026-53037
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53037.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53037
Downstream
Published
2026-06-24T16:29:44.311Z
Modified
2026-07-08T08:09:45.293063890Z
Summary
HID: usbhid: fix deadlock in hid_post_reset()
Details

In the Linux kernel, the following vulnerability has been resolved:

HID: usbhid: fix deadlock in hidpostreset()

You can build a USB device that includes a HID component and a storage or UAS component. The components can be reset only together. That means that hidprereset() and hidpostreset() are in the block IO error handling. Hence no memory allocation used in them may do block IO because the IO can deadlock on the mutex held while resetting a device and calling the interface drivers. Use GFP_NOIO for all allocations in them.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53037.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
dc3c78e43469063c5bf4b744214508f94c4129f9
Fixed
56d318ef8766f0deb08517fd8f3007256ea7997d
Fixed
90550af0aad5e75110073c501e4fb42fca20ff80
Fixed
eeceb6f4dd42065fdda3a526a93d08b8fb90fb69
Fixed
ad4505d2ab3aaac6498f17649608e70e80034bf2
Fixed
4e900465296ce9fb12ed47dc77389b8dde95bfe0
Fixed
c7abd0e6c87441e99c759d40eb6fe589634e3041
Fixed
b3d16611d7cd78e9d5c6baa19b61b7caf9f1ab5e
Fixed
8df2c1b47ee3cd50fd454f75c7a7e2ae8a6adf72

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53037.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.5.0
Fixed
5.10.258
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.209
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.175
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.141
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.91
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.33
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.10

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53037.json"