Linux Kernel AQC111 USB Driver Suspend Callback Vulnerability Causes Task Hang

Vulnerability

A vulnerability in the Linux kernel's AQC111 USB driver can lead to a task hang during the power management resume process. This issue occurs because the driver's suspend function calls a power management routine that resumes the device, creating a deadlock. The problem blocks a task that holds a critical lock, freezing the entire networking stack. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a deadlock that halts a task holding a critical lock, freezing the entire networking stack.

Reproduction

The vulnerability can be reproduced by suspending a USB device using the AQC111 driver. The driver's suspend function will call a power management routine that resumes the device, leading to a deadlock. This can be observed by monitoring the task states and the networking stack's responsiveness.

Remediation

The vulnerability has been addressed by modifying the suspend function to use non-power management variants of the write command routines, preventing the deadlock. Users should update to the latest version of the Linux kernel where this fix has been applied.
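The deadlock and the fix described above can be modelled in a few lines of userspace C. This is an added example, not the driver's or the kernel's code: every name in it is hypothetical, and it assumes that a resume request made while a suspend is in progress waits for that suspend to finish. Where the real task would block forever, the model sets a flag and returns an error.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the deadlock, not kernel code; all names hypothetical. */
enum pm_state { PM_ACTIVE, PM_SUSPENDING, PM_SUSPENDED };

struct model_dev {
    enum pm_state state;
    int writes_done;   /* control writes that completed */
    bool would_block;  /* set where the real task would wait forever */
};

/* PM-aware write: resumes the device before I/O. Assumed behaviour: a resume
 * requested while a suspend is in progress waits for that suspend to end. */
static int write_cmd(struct model_dev *d)
{
    if (d->state == PM_SUSPENDING) {
        d->would_block = true; /* the waiter is the suspend callback itself */
        return -1;
    }
    d->state = PM_ACTIVE;
    d->writes_done++;
    return 0;
}

/* Non-PM write: performs the transfer without touching PM state. */
static int write_cmd_nopm(struct model_dev *d)
{
    d->writes_done++;
    return 0;
}

/* Suspend callback: writes device registers, then the device is suspended. */
static int model_suspend(struct model_dev *d, int (*wr)(struct model_dev *))
{
    d->state = PM_SUSPENDING;
    if (wr(d) != 0)
        return -1; /* model only: the real task hangs here instead */
    d->state = PM_SUSPENDED;
    return 0;
}

int main(void)
{
    struct model_dev before = { PM_ACTIVE, 0, false }, after = before;
    printf("pm-aware write in suspend: %d\n", model_suspend(&before, write_cmd));
    printf("nopm write in suspend:     %d\n", model_suspend(&after, write_cmd_nopm));
    return 0;
}
```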

Added: Apr 3, 2026, 5:06 PM
Updated: Apr 3, 2026, 5:06 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 5.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.