Linux Kernel Circular Locking Dependency Vulnerability in Uinput Component

Vulnerability

A circular locking dependency vulnerability has been identified in the Linux kernel's uinput component, specifically within the stable branch. This issue arises when using a force-feedback gamepad, such as the Flydigi Vader 5 controller, while playing ELDEN RING under Wine. The vulnerability creates a deadlock scenario by establishing a cycle in lock acquisition paths, involving the mutexes of force feedback, udev, input, and device layers. The problem can be reproduced consistently under these conditions.

Impact

Exploitation of this vulnerability leads to a deadlock situation, where the involved processes are unable to proceed, causing a denial of service by hanging the input handling.

Reproduction

To reproduce this vulnerability, use a force-feedback gamepad with the uinput device driver in the Linux kernel. Play ELDEN RING under Wine while using a Flydigi Vader 5 controller. This combination will trigger a circular locking dependency warning, indicating the presence of the vulnerability.

Remediation

The vulnerability has been addressed by introducing a new state_lock spinlock to manage udev's state and device access in the uinput_request_send() function. This change eliminates the circular dependency by preventing mutexes from forming cycles. The fix is available in the Linux kernel stable tree.
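The check behind a circular locking dependency warning can be modeled as cycle detection on a "held while acquiring" graph. The following is an added illustration, not kernel code and not the actual patch. The lock labels and the order of the edges are constructed, since the advisory does not list the real acquisition chain, and treating state_lock as a lock under which no other lock is taken is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Lock classes: labels for the layers the advisory names plus the new state_lock. */
enum { FF_MUTEX, UDEV_MUTEX, INPUT_MUTEX, DEV_MUTEX, STATE_LOCK, NLOCKS };

struct lock_graph { bool edge[NLOCKS][NLOCKS]; };

/* Record "lock `next` was acquired while `held` was already held". */
static void record(struct lock_graph *g, int held, int next) { g->edge[held][next] = true; }

/* Depth-first search; state 1 = on the current path, 2 = fully explored. */
static bool dfs(const struct lock_graph *g, int node, int *state)
{
    state[node] = 1;
    for (int n = 0; n < NLOCKS; n++) {
        if (!g->edge[node][n]) continue;
        if (state[n] == 1) return true;              /* back edge: ordering cycle */
        if (state[n] == 0 && dfs(g, n, state)) return true;
    }
    state[node] = 2;
    return false;
}

bool has_cycle(const struct lock_graph *g)
{
    int state[NLOCKS] = {0};
    for (int i = 0; i < NLOCKS; i++)
        if (state[i] == 0 && dfs(g, i, state)) return true;
    return false;
}

/* Constructed ordering edges; first_inner is what the send path takes under FF_MUTEX. */
bool send_path_creates_cycle(int first_inner)
{
    struct lock_graph g = {0};
    record(&g, FF_MUTEX, first_inner);
    record(&g, UDEV_MUTEX, INPUT_MUTEX);
    record(&g, INPUT_MUTEX, DEV_MUTEX);
    record(&g, DEV_MUTEX, FF_MUTEX);
    return has_cycle(&g);
}

int main(void)
{
    printf("send path takes udev mutex: cycle=%d\n", send_path_creates_cycle(UDEV_MUTEX));
    printf("send path takes state_lock: cycle=%d\n", send_path_creates_cycle(STATE_LOCK));
    return 0;
}
```

With the udev mutex on the send path the four edges close a loop; with a leaf lock in its place the same remaining edges form a chain that ends at state_lock.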

Added: Apr 24, 2026, 3:39 PM
Updated: Apr 24, 2026, 3:39 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.