Linux Kernel UVC Video Deadlock Vulnerability in uvc_probe Function

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's UVC video driver. The issue arises during the uvc_probe() process, where a failure can lead to a premature call to uvc_status_unregister() before uvc_status_init() has been executed. This misordering can cause a deadlock situation. The vulnerability has been addressed by modifying uvc_status_unregister() to check whether dev->status is NULL before proceeding.

Impact

Exploitation of this vulnerability can lead to a deadlock condition, causing the system to become unresponsive or to hang indefinitely while waiting for a process to release a resource.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel UVC Video Deadlock Vulnerability in uvc_probe Function

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating