CVE-2026-31756

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A spin lock/unlock mismatch exists in the dwc2 hsotg udc stop() function. The dwc2 gadget exit clock gating() function internally utilizes the call gadget() macro, which requires hsotg->lock to be held because it performs spin unlock/spin lock operations during the gadget driver callback. Because dwc2 hsotg udc stop() invokes dwc2 gadget exit clock gating() without holding the lock, it results in a spin unlock on a lock that is not held, leading to undefined behavior and a subsequent deadlock when spin lock irqsave() is called later in the same function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.