Copyright © 2012 Red Hat, Inc. All rights reserved.
Moderate
2026-05-08T00:00:00
kernel: usb: gadget: f_ncm: Fix atomic context locking issue
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-663
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: Fix atomic context locking issue
The ncm_set_alt function was holding a mutex to protect against races
with configfs, which invokes the might-sleep function inside an atomic
context.
Remove the struct net_device pointer from the f_ncm_opts structure to
eliminate the contention. The connection state is now managed by a new
boolean flag to preserve the use-after-free fix from
commit 6334b8e4553c ("usb: gadget: f_ncm: Fix UAF ncm object at re-bind
after usb ep transport error").
BUG: sleeping function called from invalid context
Call Trace:
dump_stack_lvl+0x83/0xc0
dump_stack+0x14/0x16
__might_resched+0x389/0x4c0
__might_sleep+0x8e/0x100
...
__mutex_lock+0x6f/0x1740
...
ncm_set_alt+0x209/0xa40
set_config+0x6b6/0xb40
composite_setup+0x734/0x2b40
...
A flaw was found in the Linux kernel's USB Network Control Model (NCM) gadget driver. The ncm_set_alt function was observed to hold a mutex within an atomic context, which is an invalid operation. This improper locking can lead to a 'sleeping function called from invalid context' error when configfs attempts to invoke a function that might sleep. An attacker could potentially exploit this to cause system instability or a denial of service.
Red Hat acknowledges the upstream Linux kernel correction for «usb» as described in COMMENT_ZERO. Fixes are delivered through standard kernel errata for supported products. Operational exposure depends on whether this subsystem or driver is active in your configuration.
Red Hat Enterprise Linux 10
Fix deferred
kernel
Red Hat Enterprise Linux 6
Not affected
kernel
Red Hat Enterprise Linux 7
Not affected
kernel
Red Hat Enterprise Linux 7
Not affected
kernel-rt
Red Hat Enterprise Linux 8
Not affected
kernel
Red Hat Enterprise Linux 8
Not affected
kernel-rt
Red Hat Enterprise Linux 9
Not affected
kernel
Red Hat Enterprise Linux 9
Not affected
kernel-rt
https://www.cve.org/CVERecord?id=CVE-2026-43423
https://nvd.nist.gov/vuln/detail/CVE-2026-43423
https://lore.kernel.org/linux-cve-announce/2026050848-CVE-2026-43423-5e6b@gregkh/T