In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix deadlock in port disable sysfs attribute
The show and store callback routines for the disable sysfs attribute file in port.c acquire the device lock for the ports parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration:
Removing the hub or changing its configuration requires the
hub interface to be removed, which requires the port device
to be removed, and device_del() waits until all outstanding
sysfs attribute callbacks for the ports have returned. The
lock cant be released until then.
But the disable_show() or disable_store() routine cant return
until after it has acquired the lock.
The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attributes callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure wont be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get().
Weakness
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | 6.0 (including) | 6.1.84 (excluding) |
| Linux_kernel | Linux | 6.2 (including) | 6.6.24 (excluding) |
| Linux_kernel | Linux | 6.7 (including) | 6.7.12 (excluding) |
| Linux_kernel | Linux | 6.8 (including) | 6.8.3 (excluding) |
| Linux_kernel | Linux | 6.9-rc1 (including) | 6.9-rc1 (including) |
| Red Hat Enterprise Linux 8 | RedHat | kernel-rt-0:4.18.0-553.5.1.rt7.346.el8_10 | * |
| Red Hat Enterprise Linux 8 | RedHat | kernel-0:4.18.0-553.5.1.el8_10 | * |
| Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-503.11.1.el9_5 | * |
| Red Hat Enterprise Linux 9 | RedHat | kernel-0:5.14.0-503.11.1.el9_5 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | kernel-0:5.14.0-427.85.1.el9_4 | * |
| Linux | Ubuntu | mantic | * |
| Linux | Ubuntu | noble | * |
| Linux | Ubuntu | upstream | * |
| Linux-allwinner-5.19 | Ubuntu | jammy | * |
| Linux-allwinner-5.19 | Ubuntu | upstream | * |
| Linux-aws | Ubuntu | mantic | * |
| Linux-aws | Ubuntu | noble | * |
| Linux-aws | Ubuntu | upstream | * |
| Linux-aws-5.0 | Ubuntu | bionic | * |
| Linux-aws-5.0 | Ubuntu | esm-infra/bionic | * |
| Linux-aws-5.0 | Ubuntu | upstream | * |
| Linux-aws-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.11 | Ubuntu | focal | * |
| Linux-aws-5.11 | Ubuntu | upstream | * |
| Linux-aws-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.13 | Ubuntu | focal | * |
| Linux-aws-5.13 | Ubuntu | upstream | * |
| Linux-aws-5.15 | Ubuntu | upstream | * |
| Linux-aws-5.19 | Ubuntu | jammy | * |
| Linux-aws-5.19 | Ubuntu | upstream | * |
| Linux-aws-5.3 | Ubuntu | bionic | * |
| Linux-aws-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-aws-5.3 | Ubuntu | upstream | * |
| Linux-aws-5.4 | Ubuntu | upstream | * |
| Linux-aws-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-aws-5.8 | Ubuntu | focal | * |
| Linux-aws-5.8 | Ubuntu | upstream | * |
| Linux-aws-6.2 | Ubuntu | jammy | * |
| Linux-aws-6.2 | Ubuntu | upstream | * |
| Linux-aws-6.5 | Ubuntu | jammy | * |
| Linux-aws-6.5 | Ubuntu | upstream | * |
| Linux-aws-6.8 | Ubuntu | upstream | * |
| Linux-aws-fips | Ubuntu | trusty | * |
| Linux-aws-fips | Ubuntu | upstream | * |
| Linux-aws-fips | Ubuntu | xenial | * |
| Linux-aws-hwe | Ubuntu | upstream | * |
| Linux-azure | Ubuntu | bionic | * |
| Linux-azure | Ubuntu | esm-infra/bionic | * |
| Linux-azure | Ubuntu | mantic | * |
| Linux-azure | Ubuntu | noble | * |
| Linux-azure | Ubuntu | upstream | * |
| Linux-azure-4.15 | Ubuntu | upstream | * |
| Linux-azure-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.11 | Ubuntu | focal | * |
| Linux-azure-5.11 | Ubuntu | upstream | * |
| Linux-azure-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.13 | Ubuntu | focal | * |
| Linux-azure-5.13 | Ubuntu | upstream | * |
| Linux-azure-5.15 | Ubuntu | upstream | * |
| Linux-azure-5.19 | Ubuntu | jammy | * |
| Linux-azure-5.19 | Ubuntu | upstream | * |
| Linux-azure-5.3 | Ubuntu | bionic | * |
| Linux-azure-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-azure-5.3 | Ubuntu | upstream | * |
| Linux-azure-5.4 | Ubuntu | upstream | * |
| Linux-azure-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-azure-5.8 | Ubuntu | focal | * |
| Linux-azure-5.8 | Ubuntu | upstream | * |
| Linux-azure-6.2 | Ubuntu | jammy | * |
| Linux-azure-6.2 | Ubuntu | upstream | * |
| Linux-azure-6.5 | Ubuntu | jammy | * |
| Linux-azure-6.5 | Ubuntu | upstream | * |
| Linux-azure-6.8 | Ubuntu | upstream | * |
| Linux-azure-edge | Ubuntu | bionic | * |
| Linux-azure-edge | Ubuntu | esm-infra/bionic | * |
| Linux-azure-edge | Ubuntu | upstream | * |
| Linux-azure-fde | Ubuntu | esm-infra/focal | * |
| Linux-azure-fde | Ubuntu | focal | * |
| Linux-azure-fde | Ubuntu | upstream | * |
| Linux-azure-fde-5.15 | Ubuntu | upstream | * |
| Linux-azure-fde-5.19 | Ubuntu | jammy | * |
| Linux-azure-fde-5.19 | Ubuntu | upstream | * |
| Linux-azure-fde-6.2 | Ubuntu | jammy | * |
| Linux-azure-fde-6.2 | Ubuntu | upstream | * |
| Linux-azure-fips | Ubuntu | trusty | * |
| Linux-azure-fips | Ubuntu | upstream | * |
| Linux-azure-fips | Ubuntu | xenial | * |
| Linux-bluefield | Ubuntu | upstream | * |
| Linux-fips | Ubuntu | upstream | * |
| Linux-gcp | Ubuntu | bionic | * |
| Linux-gcp | Ubuntu | esm-infra/bionic | * |
| Linux-gcp | Ubuntu | mantic | * |
| Linux-gcp | Ubuntu | noble | * |
| Linux-gcp | Ubuntu | upstream | * |
| Linux-gcp-4.15 | Ubuntu | upstream | * |
| Linux-gcp-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.11 | Ubuntu | focal | * |
| Linux-gcp-5.11 | Ubuntu | upstream | * |
| Linux-gcp-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.13 | Ubuntu | focal | * |
| Linux-gcp-5.13 | Ubuntu | upstream | * |
| Linux-gcp-5.15 | Ubuntu | upstream | * |
| Linux-gcp-5.19 | Ubuntu | jammy | * |
| Linux-gcp-5.19 | Ubuntu | upstream | * |
| Linux-gcp-5.3 | Ubuntu | bionic | * |
| Linux-gcp-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-gcp-5.3 | Ubuntu | upstream | * |
| Linux-gcp-5.4 | Ubuntu | upstream | * |
| Linux-gcp-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-gcp-5.8 | Ubuntu | focal | * |
| Linux-gcp-5.8 | Ubuntu | upstream | * |
| Linux-gcp-6.2 | Ubuntu | jammy | * |
| Linux-gcp-6.2 | Ubuntu | upstream | * |
| Linux-gcp-6.5 | Ubuntu | jammy | * |
| Linux-gcp-6.5 | Ubuntu | upstream | * |
| Linux-gcp-6.8 | Ubuntu | upstream | * |
| Linux-gcp-fips | Ubuntu | trusty | * |
| Linux-gcp-fips | Ubuntu | upstream | * |
| Linux-gcp-fips | Ubuntu | xenial | * |
| Linux-gke | Ubuntu | esm-infra/focal | * |
| Linux-gke | Ubuntu | focal | * |
| Linux-gke | Ubuntu | noble | * |
| Linux-gke | Ubuntu | upstream | * |
| Linux-gke | Ubuntu | xenial | * |
| Linux-gke-4.15 | Ubuntu | bionic | * |
| Linux-gke-4.15 | Ubuntu | esm-infra/bionic | * |
| Linux-gke-4.15 | Ubuntu | upstream | * |
| Linux-gke-5.15 | Ubuntu | esm-infra/focal | * |
| Linux-gke-5.15 | Ubuntu | focal | * |
| Linux-gke-5.15 | Ubuntu | upstream | * |
| Linux-gke-5.4 | Ubuntu | bionic | * |
| Linux-gke-5.4 | Ubuntu | esm-infra/bionic | * |
| Linux-gke-5.4 | Ubuntu | upstream | * |
| Linux-gkeop | Ubuntu | upstream | * |
| Linux-gkeop-5.15 | Ubuntu | upstream | * |
| Linux-gkeop-5.4 | Ubuntu | bionic | * |
| Linux-gkeop-5.4 | Ubuntu | esm-infra/bionic | * |
| Linux-gkeop-5.4 | Ubuntu | upstream | * |
| Linux-hwe | Ubuntu | bionic | * |
| Linux-hwe | Ubuntu | esm-infra/bionic | * |
| Linux-hwe | Ubuntu | upstream | * |
| Linux-hwe-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.11 | Ubuntu | focal | * |
| Linux-hwe-5.11 | Ubuntu | upstream | * |
| Linux-hwe-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.13 | Ubuntu | focal | * |
| Linux-hwe-5.13 | Ubuntu | upstream | * |
| Linux-hwe-5.15 | Ubuntu | upstream | * |
| Linux-hwe-5.19 | Ubuntu | jammy | * |
| Linux-hwe-5.19 | Ubuntu | upstream | * |
| Linux-hwe-5.4 | Ubuntu | upstream | * |
| Linux-hwe-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-hwe-5.8 | Ubuntu | focal | * |
| Linux-hwe-5.8 | Ubuntu | upstream | * |
| Linux-hwe-6.2 | Ubuntu | jammy | * |
| Linux-hwe-6.2 | Ubuntu | upstream | * |
| Linux-hwe-6.5 | Ubuntu | jammy | * |
| Linux-hwe-6.5 | Ubuntu | upstream | * |
| Linux-hwe-6.8 | Ubuntu | upstream | * |
| Linux-hwe-edge | Ubuntu | esm-infra/xenial | * |
| Linux-hwe-edge | Ubuntu | upstream | * |
| Linux-hwe-edge | Ubuntu | xenial | * |
| Linux-ibm | Ubuntu | mantic | * |
| Linux-ibm | Ubuntu | noble | * |
| Linux-ibm | Ubuntu | upstream | * |
| Linux-ibm-5.15 | Ubuntu | upstream | * |
| Linux-ibm-5.4 | Ubuntu | upstream | * |
| Linux-intel | Ubuntu | upstream | * |
| Linux-intel-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-intel-5.13 | Ubuntu | focal | * |
| Linux-intel-5.13 | Ubuntu | upstream | * |
| Linux-intel-iot-realtime | Ubuntu | jammy | * |
| Linux-intel-iot-realtime | Ubuntu | upstream | * |
| Linux-intel-iotg | Ubuntu | upstream | * |
| Linux-intel-iotg-5.15 | Ubuntu | upstream | * |
| Linux-iot | Ubuntu | upstream | * |
| Linux-kvm | Ubuntu | upstream | * |
| Linux-laptop | Ubuntu | mantic | * |
| Linux-laptop | Ubuntu | upstream | * |
| Linux-lowlatency | Ubuntu | mantic | * |
| Linux-lowlatency | Ubuntu | noble | * |
| Linux-lowlatency | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-5.15 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-5.19 | Ubuntu | jammy | * |
| Linux-lowlatency-hwe-5.19 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.2 | Ubuntu | jammy | * |
| Linux-lowlatency-hwe-6.2 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.5 | Ubuntu | jammy | * |
| Linux-lowlatency-hwe-6.5 | Ubuntu | upstream | * |
| Linux-lowlatency-hwe-6.8 | Ubuntu | upstream | * |
| Linux-lts-xenial | Ubuntu | upstream | * |
| Linux-nvidia | Ubuntu | upstream | * |
| Linux-nvidia-6.2 | Ubuntu | jammy | * |
| Linux-nvidia-6.2 | Ubuntu | upstream | * |
| Linux-nvidia-6.5 | Ubuntu | jammy | * |
| Linux-nvidia-6.5 | Ubuntu | upstream | * |
| Linux-nvidia-6.8 | Ubuntu | upstream | * |
| Linux-nvidia-lowlatency | Ubuntu | upstream | * |
| Linux-oem | Ubuntu | bionic | * |
| Linux-oem | Ubuntu | esm-infra/bionic | * |
| Linux-oem | Ubuntu | upstream | * |
| Linux-oem | Ubuntu | xenial | * |
| Linux-oem-5.10 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.10 | Ubuntu | focal | * |
| Linux-oem-5.10 | Ubuntu | upstream | * |
| Linux-oem-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.13 | Ubuntu | focal | * |
| Linux-oem-5.13 | Ubuntu | upstream | * |
| Linux-oem-5.14 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.14 | Ubuntu | focal | * |
| Linux-oem-5.14 | Ubuntu | upstream | * |
| Linux-oem-5.17 | Ubuntu | jammy | * |
| Linux-oem-5.17 | Ubuntu | upstream | * |
| Linux-oem-5.6 | Ubuntu | esm-infra/focal | * |
| Linux-oem-5.6 | Ubuntu | focal | * |
| Linux-oem-5.6 | Ubuntu | upstream | * |
| Linux-oem-6.0 | Ubuntu | jammy | * |
| Linux-oem-6.0 | Ubuntu | upstream | * |
| Linux-oem-6.1 | Ubuntu | jammy | * |
| Linux-oem-6.1 | Ubuntu | upstream | * |
| Linux-oem-6.11 | Ubuntu | upstream | * |
| Linux-oem-6.5 | Ubuntu | jammy | * |
| Linux-oem-6.5 | Ubuntu | upstream | * |
| Linux-oem-6.8 | Ubuntu | noble | * |
| Linux-oem-6.8 | Ubuntu | upstream | * |
| Linux-oracle | Ubuntu | mantic | * |
| Linux-oracle | Ubuntu | noble | * |
| Linux-oracle | Ubuntu | upstream | * |
| Linux-oracle-5.0 | Ubuntu | bionic | * |
| Linux-oracle-5.0 | Ubuntu | esm-infra/bionic | * |
| Linux-oracle-5.0 | Ubuntu | upstream | * |
| Linux-oracle-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.11 | Ubuntu | focal | * |
| Linux-oracle-5.11 | Ubuntu | upstream | * |
| Linux-oracle-5.13 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.13 | Ubuntu | focal | * |
| Linux-oracle-5.13 | Ubuntu | upstream | * |
| Linux-oracle-5.15 | Ubuntu | upstream | * |
| Linux-oracle-5.3 | Ubuntu | bionic | * |
| Linux-oracle-5.3 | Ubuntu | esm-infra/bionic | * |
| Linux-oracle-5.3 | Ubuntu | upstream | * |
| Linux-oracle-5.4 | Ubuntu | upstream | * |
| Linux-oracle-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-oracle-5.8 | Ubuntu | focal | * |
| Linux-oracle-5.8 | Ubuntu | upstream | * |
| Linux-oracle-6.5 | Ubuntu | jammy | * |
| Linux-oracle-6.5 | Ubuntu | upstream | * |
| Linux-oracle-6.8 | Ubuntu | upstream | * |
| Linux-raspi | Ubuntu | mantic | * |
| Linux-raspi | Ubuntu | noble | * |
| Linux-raspi | Ubuntu | upstream | * |
| Linux-raspi-5.4 | Ubuntu | upstream | * |
| Linux-raspi-realtime | Ubuntu | noble | * |
| Linux-raspi-realtime | Ubuntu | realtime/noble | * |
| Linux-raspi-realtime | Ubuntu | upstream | * |
| Linux-raspi2 | Ubuntu | bionic | * |
| Linux-raspi2 | Ubuntu | esm-infra/focal | * |
| Linux-raspi2 | Ubuntu | focal | * |
| Linux-raspi2 | Ubuntu | upstream | * |
| Linux-raspi2 | Ubuntu | xenial | * |
| Linux-realtime | Ubuntu | jammy | * |
| Linux-realtime | Ubuntu | realtime/noble | * |
| Linux-realtime | Ubuntu | upstream | * |
| Linux-riscv | Ubuntu | esm-infra/focal | * |
| Linux-riscv | Ubuntu | focal | * |
| Linux-riscv | Ubuntu | jammy | * |
| Linux-riscv | Ubuntu | mantic | * |
| Linux-riscv | Ubuntu | noble | * |
| Linux-riscv | Ubuntu | upstream | * |
| Linux-riscv-5.11 | Ubuntu | esm-infra/focal | * |
| Linux-riscv-5.11 | Ubuntu | focal | * |
| Linux-riscv-5.11 | Ubuntu | upstream | * |
| Linux-riscv-5.15 | Ubuntu | upstream | * |
| Linux-riscv-5.19 | Ubuntu | jammy | * |
| Linux-riscv-5.19 | Ubuntu | upstream | * |
| Linux-riscv-5.8 | Ubuntu | esm-infra/focal | * |
| Linux-riscv-5.8 | Ubuntu | focal | * |
| Linux-riscv-5.8 | Ubuntu | upstream | * |
| Linux-riscv-6.5 | Ubuntu | jammy | * |
| Linux-riscv-6.5 | Ubuntu | upstream | * |
| Linux-riscv-6.8 | Ubuntu | upstream | * |
| Linux-starfive | Ubuntu | mantic | * |
| Linux-starfive | Ubuntu | upstream | * |
| Linux-starfive-5.19 | Ubuntu | jammy | * |
| Linux-starfive-5.19 | Ubuntu | upstream | * |
| Linux-starfive-6.2 | Ubuntu | jammy | * |
| Linux-starfive-6.2 | Ubuntu | upstream | * |
| Linux-starfive-6.5 | Ubuntu | jammy | * |
| Linux-starfive-6.5 | Ubuntu | upstream | * |
| Linux-xilinx-zynqmp | Ubuntu | upstream | * |
Extended Description
Locking is a type of synchronization behavior that ensures that multiple independently-operating processes or threads do not interfere with each other when accessing the same resource. All processes/threads are expected to follow the same steps for locking. If these steps are not followed precisely - or if no locking is done at all - then another process/thread could modify the shared resource in a way that is not visible or predictable to the original process. This can lead to data or memory corruption, denial of service, etc.
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/25.html
- https://cwe.mitre.org/data/definitions/26.html
- https://cwe.mitre.org/data/definitions/27.html
References
- https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7
- https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e
- https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05
- https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1
- https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c
- https://git.kernel.org/stable/c/4facc9421117ba9d8148c73771b213887fec77f7
- https://git.kernel.org/stable/c/73d1589b91f2099e5f6534a8497b7c6b527e064e
- https://git.kernel.org/stable/c/9dac54f08198147f5ec0ec52fcf1bc8ac899ac05
- https://git.kernel.org/stable/c/f4d1960764d8a70318b02f15203a1be2b2554ca1
- https://git.kernel.org/stable/c/f51849833705dea5b4f9b0c8de714dd87bd6c95c