Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's handling of USB xHCI host controllers, specifically in versions prior to the patch that addresses this issue. When a virtual device is freed, its associated endpoints are typically removed from the bandwidth list. However, if the xHCI host is being removed or is unresponsive, this cleanup process fails, leading to a kernel crash. This issue, caused by improper management of endpoint deletions, particularly affects Intel Panther Point PCH (Ivy Bridge) hosts that rely on software bandwidth checking.
The vulnerability can cause a kernel crash due to list management corruption, specifically when unbinding the xHCI PCI device.
To reproduce this issue, unbind the xHCI PCI device on a system with an affected version of the Linux kernel and an Intel Panther Point PCH (Ivy Bridge) chipset. This will trigger the endpoint management flaw, leading to a kernel crash.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.
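The failure mode described above, as an added user-space model that is not kernel code and not taken from the fix itself. The names virt_dev, bw_entry, drop_endpoints, free_virt_dev and stale_after_unbind are hypothetical, and the "hardened" path (unlink anything still on the bandwidth list at free time) is an assumption about what a correct cleanup has to do.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Minimal circular doubly linked list, shaped like the kernel's list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static bool list_empty(const struct list_head *h) { return h->next == h; }
static void list_add(struct list_head *n, struct list_head *h) {
    n->next = h->next; n->prev = h;
    h->next->prev = n; h->next = n;
}
static void list_del_init(struct list_head *n) {
    n->prev->next = n->next; n->next->prev = n->prev;
    list_init(n);
}

#define NUM_EPS 3
/* Hypothetical stand-in for a virtual device and its endpoints. */
struct virt_dev { struct list_head bw_entry[NUM_EPS]; };

/* Normal teardown unlinks each endpoint; with a dying host it returns early. */
static void drop_endpoints(struct virt_dev *vd, bool host_dying) {
    if (host_dying) return;
    for (int i = 0; i < NUM_EPS; i++) list_del_init(&vd->bw_entry[i]);
}

/* Poison instead of free() so inspecting the list afterwards stays defined. */
static void free_virt_dev(struct virt_dev *vd, bool hardened) {
    for (int i = 0; hardened && i < NUM_EPS; i++)
        if (!list_empty(&vd->bw_entry[i])) list_del_init(&vd->bw_entry[i]);
    memset(vd, 0x6b, sizeof(*vd));
}

/* Returns true if the bandwidth list still points into freed memory. */
static bool stale_after_unbind(bool host_dying, bool hardened) {
    struct list_head bw_list;
    struct virt_dev vd;
    list_init(&bw_list);
    for (int i = 0; i < NUM_EPS; i++) list_add(&vd.bw_entry[i], &bw_list);
    drop_endpoints(&vd, host_dying);
    free_virt_dev(&vd, hardened);
    return !list_empty(&bw_list);
}

int main(void) {
    printf("healthy=%d dying=%d dying+hardened=%d\n", stale_after_unbind(false, false),
           stale_after_unbind(true, false), stale_after_unbind(true, true));
    return 0;
}
```

A true result means the list head still links to poisoned entries, which is the state in which a later list deletion or traversal in the kernel would report list corruption and crash.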