Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- 6.1.20
A vulnerability in the Linux kernel's CDNS3 USB driver can lead to improper handling during the device resume process. The issue arises because the 'cdns_resume' function was called while a spin lock was held. Code holding a spin lock runs in atomic context, which is not suitable for operations that can sleep or be scheduled. As a result, the kernel may issue a warning about a sleeping function being called from an invalid context. The vulnerability affects several versions of the Linux kernel, including 6.1.20.
The vulnerability can cause the kernel to mismanage power states during the device resume process, potentially leading to incorrect device behavior or performance issues.
To reproduce this vulnerability, use a USB device that uses the CDNS3 driver on a vulnerable Linux kernel version. During the resume process, the driver calls the 'cdns_resume' function within a spin lock, causing the kernel to issue a warning about a sleeping function being called from an invalid context. This can be observed in the kernel log.
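To check a saved kernel log for this warning, the following added example (not part of the original advisory or the kernel project's code) parses "sleeping function called from invalid context" reports and keeps those whose call trace contains `cdns_resume`. The sample log is constructed, the helper names are hypothetical, and the `symbol+0xoff/0xsize` stack frame layout is an assumption about how the trace is printed.

```python
import re

# Constructed sample kernel log for illustration; not captured from a real system.
SAMPLE_LOG = """\
[  141.223453] BUG: sleeping function called from invalid context at kernel/example.c:100
[  141.223460] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 512, name: sh
[  141.223470] Call trace:
[  141.223475]  cdns_resume+0x3c/0x120
[  141.223480]  dpm_run_callback+0x58/0x1b0
[  141.300000] usb 1-1: reset high-speed USB device number 2
[  150.000001] BUG: sleeping function called from invalid context at kernel/other.c:7
[  150.000005] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 77, name: kworker/0:1
[  150.000009] Call trace:
[  150.000012]  unrelated_driver_irq+0x10/0x40
"""

TS = r"^\[\s*\d+\.\d+\]\s"
BUG_RE = re.compile(TS + r"BUG: sleeping function called from invalid context at (\S+)")
CTX_RE = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+).*pid: (\d+), name: (\S+)")
FRAME_RE = re.compile(TS + r"\s+(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_reports(log_text):
    """Return one dict per atomic-sleep report, with context fields and stack symbols."""
    reports, cur = [], None
    for line in log_text.splitlines():
        m = BUG_RE.match(line)
        if m:  # header line starts a new report
            cur = {"at": m.group(1), "in_atomic": None, "irqs_disabled": None,
                   "pid": None, "task": None, "frames": []}
            reports.append(cur)
            continue
        if cur is None:
            continue
        ctx, frame = CTX_RE.search(line), FRAME_RE.match(line)
        if ctx:
            cur["in_atomic"], cur["irqs_disabled"], cur["pid"] = map(int, ctx.group(1, 2, 3))
            cur["task"] = ctx.group(4)
        elif frame:
            cur["frames"].append(frame.group(1))
        elif cur["frames"]:  # first non-frame line after the stack ends the report
            cur = None
    return reports

def reports_touching(log_text, symbol="cdns_resume"):
    """Keep only reports whose call trace contains the given symbol."""
    return [r for r in parse_reports(log_text) if symbol in r["frames"]]

if __name__ == "__main__":
    print(reports_touching(SAMPLE_LOG))
```

A nonzero `in_atomic` value in a matching report is consistent with the call having been made under a spin lock.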
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.