CVE-2026-43327

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A locking and synchronization error exists in the USB dummy-hcd component. A race condition can occur between a USB reset and a driver unbind process. Specifically, the stop activity() function may drop and re-acquire the dum->lock spinlock. If this occurs within set link state() after checking dum->ints enabled but before incrementing dum->callback usage, another thread performing a driver unbind can clear dum->ints enabled and dum->driver. This leads to the usb gadget udc reset() function being called with a NULL driver argument, resulting in an addressing exception and system crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.