Linux Kernel Deadlock Vulnerability in USB Host Driver

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's USB host driver, specifically within the oxu_bus_suspend() function. The function waits for a timer to stop while still holding a lock, and the timer handler needs that same lock before it can finish. Neither side can proceed: the handler cannot run to completion until the lock is released, and oxu_bus_suspend() does not release the lock until the handler has completed. This circular dependency leaves both contexts waiting on each other, and oxu_bus_suspend() blocks indefinitely.

Impact

Exploitation of this vulnerability leads to a deadlock condition, causing the oxu_bus_suspend() function to block indefinitely.

Remediation

The vulnerability has been addressed by modifying the oxu_bus_suspend() function to allow the timer handler to acquire the necessary lock, thereby preventing the deadlock. Users should apply the latest patches available in the Linux kernel to mitigate this issue.
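The lock/timer cycle described above, and the shape of the remediation, can be reproduced in user space. The following is an added example written for this page, not code from the oxu210hp driver or from the kernel patch: a pthread mutex stands in for the driver lock, a thread stands in for the timer handler, and an unbounded wait on a flag stands in for a synchronous timer stop. The "fixed" variant releases the lock before waiting for the handler, which is one way to let the handler acquire the lock as the remediation describes; it is an assumption about the fix's shape, not a reproduction of the upstream change. All names (bus_model, suspend_vulnerable, suspend_fixed, run_scenario) are constructed for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
/* Constructed user-space model of the advisory's lock/timer cycle (not the driver's code). */
struct bus_model {
    pthread_mutex_t lock;                  /* stands in for the driver lock */
    pthread_mutex_t state_mtx; pthread_cond_t state_cv;   /* guard the flags below */
    bool fire, handler_done, suspend_done, suspended;
    int  handler_touched_bus;              /* work the handler did under 'lock' */
};

static void set_flag(struct bus_model *m, bool *flag)
{
    pthread_mutex_lock(&m->state_mtx);
    *flag = true;
    pthread_cond_broadcast(&m->state_cv);
    pthread_mutex_unlock(&m->state_mtx);
}

/* secs < 0: unbounded wait (like a synchronous timer stop); else bounded, false on timeout. */
static bool wait_flag(struct bus_model *m, bool *flag, int secs)
{
    struct timespec ts;
    if (secs >= 0) { ts.tv_sec = time(NULL) + secs; ts.tv_nsec = 0; }
    pthread_mutex_lock(&m->state_mtx);
    int rc = 0;
    while (!*flag && rc == 0)
        rc = secs < 0 ? pthread_cond_wait(&m->state_cv, &m->state_mtx)
                      : pthread_cond_timedwait(&m->state_cv, &m->state_mtx, &ts);
    bool done = *flag;
    pthread_mutex_unlock(&m->state_mtx);
    return done;
}

/* Timer handler: once the timer fires it must take 'lock' before it can finish. */
static void *timer_handler(void *arg)
{
    struct bus_model *m = arg;
    wait_flag(m, &m->fire, -1);
    pthread_mutex_lock(&m->lock);          /* blocks for as long as suspend holds it */
    if (!m->suspended) m->handler_touched_bus++;
    pthread_mutex_unlock(&m->lock);
    set_flag(m, &m->handler_done);
    return NULL;
}

/* Vulnerable shape: the lock is held across the synchronous wait for the handler. */
static void *suspend_vulnerable(void *arg)
{
    struct bus_model *m = arg;
    pthread_mutex_lock(&m->lock); m->suspended = true;
    set_flag(m, &m->fire);                 /* timer expires while the lock is held */
    wait_flag(m, &m->handler_done, -1);    /* handler needs 'lock': circular wait */
    pthread_mutex_unlock(&m->lock);        /* never reached */
    set_flag(m, &m->suspend_done);
    return NULL;
}

/* Fixed shape: record the state under the lock, release it, then wait for the handler. */
static void *suspend_fixed(void *arg)
{
    struct bus_model *m = arg;
    pthread_mutex_lock(&m->lock); m->suspended = true;
    pthread_mutex_unlock(&m->lock);        /* the handler can now acquire the lock */
    set_flag(m, &m->fire);
    wait_flag(m, &m->handler_done, -1);
    set_flag(m, &m->suspend_done);
    return NULL;
}

/* Runs one suspend variant against the timer; true if suspend completed within the deadline. */
static bool run_scenario(void *(*suspend_fn)(void *), int deadline_secs, int *touches)
{
    struct bus_model *m = calloc(1, sizeof *m);
    pthread_t timer, susp;
    pthread_mutex_init(&m->lock, NULL); pthread_mutex_init(&m->state_mtx, NULL);
    pthread_cond_init(&m->state_cv, NULL);
    pthread_create(&timer, NULL, timer_handler, m);
    pthread_create(&susp, NULL, suspend_fn, m);
    if (!wait_flag(m, &m->suspend_done, deadline_secs)) {
        pthread_detach(timer); pthread_detach(susp);   /* stuck threads keep m alive */
        return false;
    }
    pthread_join(susp, NULL); pthread_join(timer, NULL);
    if (touches) *touches = m->handler_touched_bus;
    free(m);
    return true;
}

int main(void)
{
    printf("vulnerable: %s\n", run_scenario(suspend_vulnerable, 1, NULL) ? "finished" : "deadlocked");
    printf("fixed: %s\n", run_scenario(suspend_fixed, 5, NULL) ? "finished" : "hung");
    return 0;
}
```

The vulnerable run only returns because the observer in run_scenario gives up after its deadline; the two model threads stay blocked on each other for the life of the process, which is exactly what a hung oxu_bus_suspend() looks like in a kernel. The fixed run completes, and because the suspended state was published under the lock before the handler was allowed to acquire it, the handler sees it and does no bus work. The general rule this illustrates is that a path must not hold a lock that a timer callback takes while it waits synchronously for that timer; lockdep reports this class of inversion when the kernel is built with it.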

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread:         9.0
impact:         2.5
exploitability: 3.5
remediation:    0.0
relevance:      0.0
threat:         3.2
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.