CVE-2025-39801 — Reachable Assertion in Linux
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 97.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 15
Latest updateMar 25
Description
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
This commit addresses a rarely observed endpoint command timeout
which causes kernel panic due to warn when 'panic_on_warn' is enabled
and unnecessary call trace prints when 'panic_on_warn' is disabled.
It is seen during fast software-controlled connect/disconnect testcases.
The following is one such endpoint command timeout that we observed:
1. Connect
->dwc3_thr…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages3 packages
▶CVEListV5linux/linux72246da40f3719af3bfd104a2365b32537c27d83 — dfe40159eec6ca63b40133bfa783eee2e3ed829f+6
Also affects: Debian Linux 11.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-2qcc-gm3c-qcf7: In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
This commit addre↗2025-09-15
OSV▶
CVE-2025-39801: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit address↗2025-09-15