U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. Vulnerabilities

CVE-2026-31756 Detail

Description

In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() dwc2_gadget_exit_clock_gating() internally calls call_gadget() macro, which expects hsotg->lock to be held since it does spin_unlock/spin_lock around the gadget driver callback invocation. However, dwc2_hsotg_udc_stop() calls dwc2_gadget_exit_clock_gating() without holding the lock. This leads to: - spin_unlock on a lock that is not held (undefined behavior) - The lock remaining held after dwc2_gadget_exit_clock_gating() returns, causing a deadlock when spin_lock_irqsave() is called later in the same function. Fix this by acquiring hsotg->lock before calling dwc2_gadget_exit_clock_gating() and releasing it afterwards, which satisfies the locking requirement of the call_gadget() macro.


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL Source(s) Tag(s)
https://git.kernel.org/stable/c/4ed9d2dd9f29828c311db6ec4b8e0d34bfd6d6a4 kernel.org
https://git.kernel.org/stable/c/51b62286fc668c6eb74dee7624ec0beec3c5a0ed kernel.org
https://git.kernel.org/stable/c/61937f686290494998236c680ce0836b8dd63a3f kernel.org
https://git.kernel.org/stable/c/8ffe31acb3b77a30ae34d01719a269881569fb7f kernel.org
https://git.kernel.org/stable/c/9bb4b5ed7f8c4f95cc556bdf042b0ba2fa13557a kernel.org
https://git.kernel.org/stable/c/beab10429439e20708036a66fb0d97ffb79da6a1 kernel.org
https://git.kernel.org/stable/c/e9fcca3e87463013d595c65c2189ffaa32ad3b50 kernel.org

Weakness Enumeration

CWE-ID CWE Name Source

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2026-31756
NVD Published Date:
05/01/2026
NVD Last Modified:
05/01/2026
Source:
kernel.org