ACK: [SRU][OEM-5.17][PATCH 0/1] CVE-2022-4662
Tim Gardner
tim.gardner at canonical.com
Thu Apr 6 13:49:35 UTC 2023
On 4/5/23 2:42 PM, Magali Lemes wrote:
> [Impact]
> It was discovered that the USB core subsystem in the Linux kernel did not
> properly handle nested reset events. A local attacker with physical access
> could plug in a specially crafted USB device to cause a denial of service
> (kernel deadlock).
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> Low, since it's just adding a reset_in_progress flag to indicate that a reset
> is already in progress. Still, this impacts a USB Core file.
>
> Alan Stern (1):
> USB: core: Prevent nested device-reset calls
>
> drivers/usb/core/hub.c | 10 ++++++++++
> include/linux/usb.h | 2 ++
> 2 files changed, 12 insertions(+)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list