In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid.
https://github.com/torvalds/linux/commit/c91815b596245fd7da349ecc43c8def670d2269e
https://github.com/torvalds/linux/commit/072684e8c58d17e853f8e8b9f6d9ce2e58d2b036
https://www.spinics.net/lists/linux-usb/msg167393.html
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4
https://www.spinics.net/lists/linux-usb/msg167355.html
Source: MITRE
Published: 2019-08-07
Updated: 2022-04-18
Type: CWE-667
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 5.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM