Summary:
In the Linux kernel, the following vulnerability has been resolved:

USB: core: Fix deadlock in port disable sysfs attribute

The show and store callback routines for the disable sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration:

Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and device_del() waits until all outstanding sysfs attribute callbacks for the ports have returned. The lock can't be released until then.

But the disable_show() or disable_store() routine can't return until after it has acquired the lock.

The resulting deadlock can be avoided by calling sysfs_break_active_protection(). This will cause the sysfs core not to wait for the attribute's callback routine to return, allowing the removal to proceed. The disadvantage is that after making this call, there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, we have to acquire a reference to it first by calling hub_get().
Severity: Low
Advisory ID: KylinSec-SA-2024-2603
Release date: June 5, 2024
Related CVE: CVE-2024-26933
CVE name | Product | Component | Affected |
---|---|---|---|
CVE-2024-26933 | KY3.4-5 | kernel | Unaffected |
CVE-2024-26933 | KY3.5.3 | kernel | Unaffected |
CVE-2024-26933 | V6 | kernel | Unaffected |
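
The ordering described in the summary can be traced with a small user-space model. This is an added example, not kernel code or code from the advisory: the struct, the counters and every function name in it are hypothetical, and it walks one fixed interleaving (the remover already holds the hub's device lock when the attribute callback starts).

```c
#include <stdbool.h>
#include <stdio.h>

enum outcome { COMPLETED, DEADLOCK, USE_AFTER_FREE };

/* Simplified state; all names here are hypothetical, not kernel symbols. */
struct model {
    int  hub_refs;    /* references keeping the hub structure alive */
    int  active_cbs;  /* sysfs callbacks that device_del() waits for */
    bool hub_freed;
};

static void drop_hub_ref(struct model *m)
{
    if (--m->hub_refs == 0)
        m->hub_freed = true;
}

/* One fixed interleaving: the remover already holds the hub's device lock
 * when the disable attribute callback is entered. */
enum outcome run_interleaving(bool take_ref, bool break_protection)
{
    struct model m = { .hub_refs = 1, .active_cbs = 0, .hub_freed = false };
    m.active_cbs++;            /* callback entered, counted as outstanding */
    if (take_ref)
        m.hub_refs++;          /* models hub_get() */
    if (break_protection)
        m.active_cbs--;        /* models sysfs_break_active_protection() */
    /* The callback now blocks on the lock held by the remover. */

    if (m.active_cbs > 0)      /* device_del() waits for the callback, */
        return DEADLOCK;       /* which waits for the lock: a cycle */
    drop_hub_ref(&m);          /* removal finishes, then unlocks the hub */
    if (m.hub_freed)           /* callback wakes up and touches the hub */
        return USE_AFTER_FREE;
    if (take_ref)
        drop_hub_ref(&m);      /* callback releases its own reference */
    return COMPLETED;
}

int main(void)
{
    static const char *name[] = { "completed", "deadlock", "use-after-free" };
    printf("original code:         %s\n", name[run_interleaving(false, false)]);
    printf("break, no reference:   %s\n", name[run_interleaving(false, true)]);
    printf("reference, then break: %s\n", name[run_interleaving(true, true)]);
    return 0;
}
```

The middle case is why the reference has to be taken before active protection is broken: once the removal no longer waits for the callback, only that reference keeps the hub structure alive.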