Linux kernel
cpe:2.3:o:kernel:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's imon driver for USB devices can cause tasks to hang indefinitely, disrupting normal operations. This issue arises from a flawed error-recovery mechanism that fails to manage -EPROTO errors effectively, leading to repeated error processing without resolution. The problem is exacerbated by certain hardware conditions that can prevent the driver from receiving expected data, further prolonging task interruptions. The vulnerability affects the stable versions of the Linux kernel.
The vulnerability causes tasks to hang indefinitely because the driver mishandles USB error conditions, particularly -EPROTO errors. As a result, the device lock can stay held for prolonged periods, disrupting normal system operations and potentially causing resource stalls.
The vulnerability can be reproduced by using a USB device that interfaces with the imon driver, particularly one that may generate -EPROTO errors. This can occur under normal operating conditions, especially if the device experiences brief communication issues. Once the error occurs, the driver will continuously resubmit the affected USB request, creating a loop that holds the device lock and prevents the task from completing. This behavior can be observed with certain remote control devices that use the imon driver, such as those supported by the 'ir_toy', 'mceusb', and 'igorplugusb' modules.
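The resubmission loop described above can be modelled in user space. This is an added example, not code from the imon driver or from the upstream fix. The device model, the `fake_dev` and `transfer` names, the retry budget and the simulation watchdog are all assumptions made for illustration, and the bounded variant shows one common way to stop such a loop.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MAX_RETRIES  3     /* assumed retry budget for the bounded variant */
#define SIM_WATCHDOG 1000  /* simulation-only stand-in for "hangs forever" */

/* Constructed device model, not a kernel structure. */
struct fake_dev {
    int  failing_transfers; /* consecutive -EPROTO results; <0 = never recovers */
    int  submissions;       /* times the request was (re)submitted */
    bool lock_held;         /* models the device lock the page mentions */
};

/* One simulated submit plus completion; returns the completion status. */
static int submit_and_complete(struct fake_dev *d)
{
    d->submissions++;
    if (d->failing_transfers == 0)
        return 0;
    if (d->failing_transfers > 0)
        d->failing_transfers--;
    return -EPROTO;
}

/* Returns 0 on success, -EPROTO when the bounded variant gives up, and
 * -ETIMEDOUT when the watchdog fires (the hang case, lock still held). */
static int transfer(struct fake_dev *d, bool bounded)
{
    int errors = 0, status;

    d->lock_held = true;
    while ((status = submit_and_complete(d)) == -EPROTO) {
        errors++;
        if (bounded && errors > MAX_RETRIES)
            break;                  /* treat the error as fatal */
        if (d->submissions >= SIM_WATCHDOG)
            return -ETIMEDOUT;      /* unbounded resubmission */
    }
    d->lock_held = false;           /* waiters can make progress again */
    return status;
}

int main(void)
{
    struct fake_dev dead = { -1, 0, false };
    int r = transfer(&dead, true);
    printf("bounded: status %d after %d submissions\n", r, dead.submissions);
    return 0;
}
```

With a device that never recovers, the unbounded variant only stops because the simulation watchdog fires and it leaves the lock held, while the bounded variant returns -EPROTO after four submissions and releases the lock.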
Users can update to the latest patched version of the Linux kernel, where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation or through the package management system of the Linux distribution in use.