CVE-2025-38376
usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the Linux kernel, the following vulnerability has been resolved:

usb: chipidea: udc: disconnect/reconnect from host when do suspend/resume

Shawn and John reported a hang issue during system suspend as below:

- USB gadget is enabled as Ethernet
- There is data transfer over USB Ethernet (scp a big file between host and device)
- Device is going in/out suspend (echo mem > /sys/power/state)

The root cause is the USB device controller is suspended but the USB bus
is still active which caused the USB host continues to transfer data with
device and the device continues to queue USB requests (in this case, a
delayed TCP ACK packet trigger the issue) after controller is suspended,
however the USB controller clock is already gated off. Then if udc driver
access registers after that point, the system will hang.

The correct way to avoid such issue is to disconnect device from host when
the USB bus is not at suspend state. Then the host will receive disconnect
event and stop data transfer in time. To continue make USB gadget device
work after system resume, this will reconnect device automatically.

To make usb wakeup work if USB bus is already at suspend state, this will
keep connection for it only when USB device controller has enabled wakeup
capability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2025-04-16 CVE Reserved
- 2025-07-25 CVE Published
- 2025-07-28 CVE Updated
- 2025-07-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/235ffc17d0146d806f6ad8c094c24ff4878f2edb | Vuln. Introduced | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Linux | Linux Kernel | >= 6.2 < 6.6.97 | en | Affected |
Linux | Linux Kernel | >= 6.2 < 6.12.37 | en | Affected |
Linux | Linux Kernel | >= 6.2 < 6.15.6 | en | Affected |
Linux | Linux Kernel | >= 6.2 < 6.16 | en | Affected |