CVE-2017-8071

drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name	Vendor	Start Version	End Version
Linux_kernel	Linux	4.9 (including)	4.9 (including)
Linux_kernel	Linux	4.9.1 (including)	4.9.1 (including)
Linux_kernel	Linux	4.9.2 (including)	4.9.2 (including)
Linux_kernel	Linux	4.9.3 (including)	4.9.3 (including)
Linux_kernel	Linux	4.9.4 (including)	4.9.4 (including)
Linux_kernel	Linux	4.9.5 (including)	4.9.5 (including)
Linux_kernel	Linux	4.9.6 (including)	4.9.6 (including)
Linux_kernel	Linux	4.9.8 (including)	4.9.8 (including)
Linux	Ubuntu	precise	*
Linux	Ubuntu	upstream	*
Linux-armadaxp	Ubuntu	precise	*
Linux-armadaxp	Ubuntu	upstream	*
Linux-aws	Ubuntu	upstream	*
Linux-flo	Ubuntu	esm-apps/xenial	*
Linux-flo	Ubuntu	trusty	*
Linux-flo	Ubuntu	upstream	*
Linux-flo	Ubuntu	vivid/stable-phone-overlay	*
Linux-flo	Ubuntu	xenial	*
Linux-flo	Ubuntu	yakkety	*
Linux-gke	Ubuntu	upstream	*
Linux-goldfish	Ubuntu	esm-apps/xenial	*
Linux-goldfish	Ubuntu	trusty	*
Linux-goldfish	Ubuntu	upstream	*
Linux-goldfish	Ubuntu	xenial	*
Linux-goldfish	Ubuntu	yakkety	*
Linux-goldfish	Ubuntu	zesty	*
Linux-grouper	Ubuntu	trusty	*
Linux-grouper	Ubuntu	upstream	*
Linux-hwe	Ubuntu	upstream	*
Linux-hwe-edge	Ubuntu	upstream	*
Linux-linaro-omap	Ubuntu	precise	*
Linux-linaro-omap	Ubuntu	upstream	*
Linux-linaro-shared	Ubuntu	precise	*
Linux-linaro-shared	Ubuntu	upstream	*
Linux-linaro-vexpress	Ubuntu	precise	*
Linux-linaro-vexpress	Ubuntu	upstream	*
Linux-lts-quantal	Ubuntu	precise	*
Linux-lts-quantal	Ubuntu	precise/esm	*
Linux-lts-quantal	Ubuntu	upstream	*
Linux-lts-raring	Ubuntu	precise	*
Linux-lts-raring	Ubuntu	precise/esm	*
Linux-lts-raring	Ubuntu	upstream	*
Linux-lts-saucy	Ubuntu	precise	*
Linux-lts-saucy	Ubuntu	precise/esm	*
Linux-lts-saucy	Ubuntu	upstream	*
Linux-lts-trusty	Ubuntu	precise	*
Linux-lts-trusty	Ubuntu	upstream	*
Linux-lts-utopic	Ubuntu	trusty	*
Linux-lts-utopic	Ubuntu	upstream	*
Linux-lts-vivid	Ubuntu	upstream	*
Linux-lts-wily	Ubuntu	trusty	*
Linux-lts-wily	Ubuntu	upstream	*
Linux-lts-xenial	Ubuntu	upstream	*
Linux-maguro	Ubuntu	trusty	*
Linux-maguro	Ubuntu	upstream	*
Linux-mako	Ubuntu	esm-apps/xenial	*
Linux-mako	Ubuntu	trusty	*
Linux-mako	Ubuntu	upstream	*
Linux-mako	Ubuntu	vivid/stable-phone-overlay	*
Linux-mako	Ubuntu	xenial	*
Linux-mako	Ubuntu	yakkety	*
Linux-manta	Ubuntu	trusty	*
Linux-manta	Ubuntu	upstream	*
Linux-qcm-msm	Ubuntu	precise	*
Linux-qcm-msm	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	upstream	*
Linux-raspi2	Ubuntu	vivid/ubuntu-core	*
Linux-snapdragon	Ubuntu	upstream	*
Linux-ti-omap4	Ubuntu	precise	*
Linux-ti-omap4	Ubuntu	upstream	*

Potential Mitigations

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-8071
CWE	https://cwe.mitre.org/data/definitions/404.html

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

References

CVE-2017-8071

Improper Resource Shutdown or Release

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References