Linux Kernel xHCI Controller Interrupt Storm Vulnerability Due to Host Controller Error

Vulnerability

A vulnerability in the Linux kernel's USB xHCI host controller driver can cause an interrupt storm when the controller reports a Host Controller Error (HCE) during UAS Storage Device plug and unplug scenarios on Android devices. The HCE interrupts are not cleared, leading to severe system-level faults. The driver logs a warning and expects xHC activity to cease, but on some hosts the interrupt storm continues until the xHC interrupt is manually disabled and the controller is stopped. The fix adds a call to 'xhci_halt()' in the interrupt handler where HCE is detected, which stops the interrupt storm. However, proper recovery from HCE requires resetting and re-initializing the xHC.

Impact

The HCE interrupts are not cleared, so the resulting interrupt storm persists and leads to severe system-level faults.

Reproduction

The vulnerability can be reproduced by connecting and disconnecting a UAS Storage Device on an Android device running the affected Linux kernel. The xHCI controller will report a Host Controller Error, which is not properly handled, causing an interrupt storm that disrupts normal system operations.
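
One way to spot the condition described above on a running host, as an added example (not code from the kernel or from this advisory): compare two /proc/interrupts snapshots for the xHCI interrupt line and check the kernel log for the driver's HCE warning. The sample snapshots, log lines, IRQ numbers and the STORM_RATE threshold are constructed assumptions.

```python
import re

# Constructed samples: two /proc/interrupts snapshots taken 1 second apart,
# plus kernel log lines. Values are illustrative, not from a real device.
SNAP_T0 = """\
           CPU0       CPU1
 24:       1200        300   GICv3  165 Level     xhci-hcd:usb1
 35:      52000      48000   GICv3   27 Level     arch_timer
"""
SNAP_T1 = """\
           CPU0       CPU1
 24:     451200        310   GICv3  165 Level     xhci-hcd:usb1
 35:      52250      48240   GICv3   27 Level     arch_timer
"""
KLOG = """\
[  812.104] usb 2-1: USB disconnect, device number 3
[  812.377] xhci-hcd xhci-hcd.1.auto: WARNING: Host Controller Error
"""

HCE_RE = re.compile(r"xhci[-_]hcd.*Host Controller Error")
XHCI_RE = re.compile(r"xhci[-_]hcd")
STORM_RATE = 100_000  # interrupts/second; assumed threshold, tune per platform

def xhci_irq_counts(snapshot):
    """Return {irq: total count across CPUs} for xHCI rows of /proc/interrupts."""
    lines = snapshot.splitlines()
    ncpu = len(lines[0].split())  # header row lists one column per CPU
    counts = {}
    for line in lines[1:]:
        label, _, rest = line.partition(":")
        fields = rest.split()
        if not XHCI_RE.search(rest) or len(fields) < ncpu:
            continue  # not an xHCI row, or a short summary row
        counts[label.strip()] = sum(int(f) for f in fields[:ncpu])
    return counts

def detect_storm(before, after, interval_s, klog):
    """Flag xHCI IRQs at or above STORM_RATE and report whether HCE was logged."""
    b, a = xhci_irq_counts(before), xhci_irq_counts(after)
    rates = {irq: (a[irq] - b.get(irq, 0)) / interval_s for irq in a}
    storms = {irq: r for irq, r in rates.items() if r >= STORM_RATE}
    hce_logged = any(HCE_RE.search(l) for l in klog.splitlines())
    return storms, hce_logged

if __name__ == "__main__":
    print(detect_storm(SNAP_T0, SNAP_T1, 1.0, KLOG))
```

A high xHCI interrupt rate together with the HCE warning matches the behaviour described here; a high rate alone can also be legitimate heavy USB traffic.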

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree. Instructions for downloading the patched version can be found in the 'download' section of the commit details.

Added: May 13, 2026, 5:29 PM
Updated: May 13, 2026, 5:29 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 2.5
remediation: 7.7
relevance: 8.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.