CVE-2023-54256
usb: dwc3: don't reset device side if dwc3 was configured as host-only
Description
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: don't reset device side if dwc3 was configured as host-only Commit c4a5153e87fd ("usb: dwc3: core: Power-off core/PHYs on system_suspend in host mode") replaces check for HOST only dr_mode with current_dr_role. But during booting, the current_dr_role isn't initialized, thus the device side reset is always issued even if dwc3 was configured as host-only. What's more, on some platforms with host only dwc3, aways issuing device side reset by accessing device register block can cause kernel panic.
INFO
Published Date :
Dec. 30, 2025, 1:16 p.m.
Last Modified :
Dec. 30, 2025, 1:16 p.m.
Remotely Exploit :
No
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products
The following products are affected by CVE-2023-54256
vulnerability.
Even if cvefeed.io is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
No affected product recoded yet
Solution
- Update the Linux kernel.
- Apply the provided commit to the kernel.
- Rebuild and install the kernel.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2023-54256.
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2023-54256 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2023-54256
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2023-54256 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2023-54256 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Dec. 30, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: don't reset device side if dwc3 was configured as host-only Commit c4a5153e87fd ("usb: dwc3: core: Power-off core/PHYs on system_suspend in host mode") replaces check for HOST only dr_mode with current_dr_role. But during booting, the current_dr_role isn't initialized, thus the device side reset is always issued even if dwc3 was configured as host-only. What's more, on some platforms with host only dwc3, aways issuing device side reset by accessing device register block can cause kernel panic. Added Reference https://git.kernel.org/stable/c/317d6e4c12b46bde61248ea4ab5e19f68cbd1c57 Added Reference https://git.kernel.org/stable/c/6366b1178545e0a29f69845938153aa3c7aa603b Added Reference https://git.kernel.org/stable/c/640cb5f5e4b41fe050519e108d7505a5fd2124c9 Added Reference https://git.kernel.org/stable/c/96c433aff5fd427fde29aba18dbec3df60e8c538 Added Reference https://git.kernel.org/stable/c/b4e909a46919a922da3e2f7983465370f40bdda4 Added Reference https://git.kernel.org/stable/c/c1fad1695befef3c3ae5f185ed0f8f394b9962ae Added Reference https://git.kernel.org/stable/c/e835c0a4e23c38531dcee5ef77e8d1cf462658c7