Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Chipidea USB controller can cause the system to hang during suspend and resume cycles. This issue arises when a USB gadget, configured as an Ethernet device, is actively transferring data while the device goes in and out of suspend. The USB device controller suspends, but the USB bus remains active, leading to continued data transfer and queued USB requests. If the USB device controller's clock is turned off, accessing the USB controller's registers can cause the system to hang. The vulnerability affects several versions of the Linux kernel.
The vulnerability can cause the system to hang during USB controller suspend and resume operations, disrupting data transfer and potentially leading to a loss of connectivity.
To reproduce this vulnerability, enable a USB gadget as an Ethernet device and initiate a data transfer, such as copying a large file via SCP, between the host and the device. While the transfer is ongoing, suspend the device by echoing 'mem' into the power state file. The USB device controller will suspend, but the active USB bus will allow data transfer to continue, leading to a system hang when the controller's clock is gated off and the USB device controller registers are accessed.
The vulnerability has been addressed in the Linux kernel. Users should update to the latest version where this issue has been resolved.
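Until a device is updated, it helps to know whether it matches the conditions described above at all. The script below is an added example, not code from the kernel project or the original page: it reports whether a Chipidea UDC is present, whether an Ethernet gadget is active on it, and whether suspend-to-RAM is available. The function names are hypothetical, the `ci_hdrc.N` controller naming is an assumption, and the kernel version is not checked because the page lists no fixed version.

```shell
#!/bin/sh
# Added example: checks the runtime preconditions from the description above.
# Each function takes an optional root prefix so it can run against a copy
# of sysfs/configfs; with no argument it inspects the live system.

# A Chipidea UDC is registered (assumption: it appears as ci_hdrc.N).
has_chipidea_udc() {
    for u in "${1:-}"/sys/class/udc/ci_hdrc.*; do
        [ -e "$u" ] && return 0
    done
    return 1
}

# An Ethernet gadget is active: the legacy g_ether module is loaded, or a
# configfs gadget bound to a Chipidea UDC has an Ethernet function.
eth_gadget_bound() {
    [ -d "${1:-}/sys/module/g_ether" ] && return 0
    for g in "${1:-}"/sys/kernel/config/usb_gadget/*; do
        [ -f "$g/UDC" ] || continue
        case "$(cat "$g/UDC")" in ci_hdrc.*) ;; *) continue ;; esac
        for f in ecm eem ncm rndis geth; do
            for d in "$g/functions/$f".*; do
                [ -d "$d" ] && return 0
            done
        done
    done
    return 1
}

# Suspend-to-RAM ("mem") is offered by the kernel.
suspend_to_mem_available() {
    state=$(cat "${1:-}/sys/power/state" 2>/dev/null) || return 1
    case " $state " in *" mem "*) return 0 ;; esac
    return 1
}

# Prints one verdict; only "preconditions-met" matches the scenario above.
exposure() {
    has_chipidea_udc "${1:-}" || { echo "not-applicable"; return 0; }
    eth_gadget_bound "${1:-}" || { echo "controller-only"; return 0; }
    suspend_to_mem_available "${1:-}" || { echo "gadget-no-suspend"; return 0; }
    echo "preconditions-met"
}

exposure "${1:-}"
```

A verdict of `preconditions-met` means the device should be prioritised for the kernel update; the other verdicts name the first condition that is not satisfied.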