Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's USB RTL8152 driver. This issue arises when the driver attempts to reset a device while already in the process of another reset, leading to a recursive mutex lock deadlock. The problem causes a device management timeout after 10 seconds, followed by a system panic after 15 seconds. The vulnerability affects the Linux kernel stable tree.
Exploitation of this vulnerability leads to a device management timeout, causing a system panic after 15 seconds.
The vulnerability can be reproduced with a USB device that relies on the RTL8152 driver. During device resume, the driver attempts to reset the device while it already holds a mutex lock, and the reset path tries to take that lock again. Because the mutex is held by the same path that is waiting for it, it is never released: the driver stays blocked, the timeout fires, and the system eventually panics.
The vulnerability has been addressed in a patch available in the Linux kernel stable tree. Instructions for applying the patch can be found in the Linux kernel Git repository.
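The recursive lock described above can be modelled in userspace. This is an added example, not code from the r8152 driver or from the upstream patch: all names are hypothetical, a pthread error-checking mutex stands in for the kernel mutex so the self-relock returns EDEADLK instead of hanging, and the split into a locking entry point and a lock-free reset body is one common way to avoid the re-lock, assumed here rather than taken from the fix.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>

/* Constructed userspace model; hypothetical names, not r8152 symbols. */
struct model_dev { pthread_mutex_t control; int resets_done; };

static void model_init(struct model_dev *d)
{
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    /* ERRORCHECK reports a self-relock as EDEADLK; a kernel mutex,
     * being non-recursive, would block the task forever instead. */
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&d->control, &attr);
    pthread_mutexattr_destroy(&attr);
    d->resets_done = 0;
}

/* Reset body: the caller must already hold d->control. */
static void model_reset_locked(struct model_dev *d) { d->resets_done++; }

/* Reset entry point for callers that do not hold the lock. */
static int model_reset(struct model_dev *d)
{
    int rc = pthread_mutex_lock(&d->control);
    if (rc)
        return rc;              /* EDEADLK: this thread already owns it */
    model_reset_locked(d);
    pthread_mutex_unlock(&d->control);
    return 0;
}

/* Deadlocking shape: resume holds the lock, then calls the locking reset. */
static int model_resume_buggy(struct model_dev *d)
{
    pthread_mutex_lock(&d->control);
    int rc = model_reset(d);    /* second lock by the same owner */
    pthread_mutex_unlock(&d->control);
    return rc;
}

/* Safe shape: resume holds the lock and calls the lock-free reset body. */
static int model_resume_safe(struct model_dev *d)
{
    pthread_mutex_lock(&d->control);
    model_reset_locked(d);
    pthread_mutex_unlock(&d->control);
    return 0;
}
```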