Linux Kernel AX88772 USB Driver Runtime Power Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's USB driver for AX88772 devices can lead to deadlocks. The issue arises because the driver enables USB runtime power management (PM) autosuspend by default. When this feature is active, the driver can unintentionally trigger a power resume while holding a USB power management lock. That conflicts with other operations that require a different lock and can cause a deadlock. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause deadlocks by creating conflicts between power management operations and other tasks that require a specific locking mechanism.

Reproduction

The vulnerability can be reproduced by using an AX88772 USB device with a Linux kernel that does not include the recent patch. On such a kernel, runtime power management autosuspend is enabled for the device automatically, which can interfere with normal operations and lead to a deadlock.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.
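
To find hosts to prioritise for the upgrade, the following added example (not code from the kernel project or from this advisory) lists the USB devices bound to the driver and whether runtime PM autosuspend is enabled for them. It assumes the in-tree driver name asix, which handles the AX88772 among other chips, and the standard sysfs attributes power/control and power/runtime_status; the function names and flag labels are illustrative.

```sh
#!/bin/sh
# Added example: report runtime-PM state of USB devices bound to the asix driver.
# Assumes the mainline sysfs layout; the root is a parameter so the check can be
# pointed at a constructed tree for testing.

# Read the first line of a sysfs attribute, or print "unknown" if it is missing.
read_attr() {
    if [ -r "$1" ]; then head -n 1 "$1"; else echo unknown; fi
}

# asix_pm_report [sysfs_root]
# One line per USB device that has an interface bound to asix:
#   <FLAG> <usb-device> control=<value> status=<runtime_status> id=<vid:pid>
# FLAG is AUTOSUSPEND when power/control is "auto" (the kernel may runtime-suspend
# the device), PINNED when it is "on", UNKNOWN otherwise.
asix_pm_report() {
    root="${1:-/sys}"
    seen=" "
    for intf in "$root"/bus/usb/drivers/asix/*:*; do
        [ -e "$intf" ] || continue        # no match: driver not loaded or no device
        name=${intf##*/}                  # interface name, e.g. 1-1:1.0
        dev=${name%%:*}                   # parent USB device, e.g. 1-1
        case "$seen" in *" $dev "*) continue ;; esac   # one line per device
        seen="$seen$dev "
        d="$root/bus/usb/devices/$dev"
        control=$(read_attr "$d/power/control")
        status=$(read_attr "$d/power/runtime_status")
        id="$(read_attr "$d/idVendor"):$(read_attr "$d/idProduct")"
        case "$control" in
            auto) flag=AUTOSUSPEND ;;
            on)   flag=PINNED ;;
            *)    flag=UNKNOWN ;;
        esac
        echo "$flag $dev control=$control status=$status id=$id"
    done
}

# Stand-alone use: optional first argument overrides the sysfs root.
asix_pm_report "${1:-/sys}"
```

The script only reads sysfs and changes nothing; a line flagged AUTOSUSPEND on an unpatched kernel marks a host where the condition described above is present.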

Added: Nov 12, 2025, 12:21 PM
Updated: Nov 12, 2025, 5:53 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 8.3
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.