Linux Kernel USB Gadget Driver UVC Unconfiguration Panic Vulnerability

Vulnerability

A kernel panic vulnerability has been identified in the Linux USB gadget driver, specifically within the UVC (USB Video Class) component. The panic occurs when the UVC gadget driver is removed from a gadget's configuration. The cause is a deadlock: the 'gadget_unbind_driver' function calls the driver's 'unbind' method while holding a mutex, and the 'usb_gadget_deactivate' function then tries to acquire the same mutex. The vulnerability affects several versions of the Linux kernel.
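
The lock cycle described above, modelled in userspace C as an added example (not kernel code and not part of the original advisory). It assumes the UVC driver's unbind path is what reaches usb_gadget_deactivate; all model_* and uvc_unbind_* names are hypothetical, and the _locked variant shows one general way to break such a cycle, not the actual kernel fix.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical single-threaded mutex model: relocking reports -EDEADLK instead of blocking. */
struct model_mutex { int held; };
struct model_gadget { struct model_mutex lock; int deactivated; };
typedef int (*unbind_fn)(struct model_gadget *);

static int model_lock(struct model_mutex *m)
{
    if (m->held)
        return -EDEADLK;
    m->held = 1;
    return 0;
}
static void model_unlock(struct model_mutex *m) { m->held = 0; }

/* Stand-in for usb_gadget_deactivate(): acquires the mutex itself. */
static int model_deactivate(struct model_gadget *g)
{
    if (model_lock(&g->lock))
        return -EDEADLK;
    g->deactivated = 1;
    model_unlock(&g->lock);
    return 0;
}
/* Assumed remedy: a variant for callers that already hold the mutex. */
static int model_deactivate_locked(struct model_gadget *g)
{
    if (!g->lock.held)
        return -EINVAL; /* contract: caller must hold the lock */
    g->deactivated = 1;
    return 0;
}
/* Stand-in for gadget_unbind_driver(): invokes unbind with the mutex held. */
static int model_unbind_driver(struct model_gadget *g, unbind_fn unbind)
{
    if (model_lock(&g->lock))
        return -EDEADLK;
    int ret = unbind(g);
    model_unlock(&g->lock);
    return ret;
}
/* Hypothetical driver unbind callbacks: the deadlocking path and the lock-aware one. */
static int uvc_unbind_buggy(struct model_gadget *g) { return model_deactivate(g); }
static int uvc_unbind_fixed(struct model_gadget *g) { return model_deactivate_locked(g); }
int main(void)
{
    struct model_gadget a = {{0}, 0}, b = {{0}, 0};
    printf("buggy=%d fixed=%d\n", model_unbind_driver(&a, uvc_unbind_buggy), model_unbind_driver(&b, uvc_unbind_fixed));
    return 0;
}
```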

Impact

The vulnerability can lead to a kernel panic, causing a denial of service by crashing the kernel and potentially disrupting system operations.

Reproduction

To reproduce this vulnerability, load a UVC gadget driver and then remove it from the gadget's configuration. This process will trigger a kernel panic due to the deadlock created by the conflicting mutex operations.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.

Added: Oct 4, 2025, 5:03 PM
Updated: Oct 4, 2025, 5:03 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.