Linux Kernel USB MIDI Deadlock Vulnerability

Vulnerability

A deadlock vulnerability has been identified in the USB MIDI gadget functionality of the Linux kernel. This issue arises from a re-entrant call to the 'f_midi_transmit' function, where a lock is attempted to be acquired twice, leading to a deadlock situation. The vulnerability has been resolved by modifying the 'f_midi_complete' function to use 'queue_work()' for scheduling the 'f_midi_transmit()' call via a high-priority work queue, thereby preventing the deadlock.

Impact

Exploitation of this vulnerability leads to a deadlock condition, causing the system to become unresponsive or to hang indefinitely while waiting for a resource to become available.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel USB MIDI Deadlock Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating