[SRU][OEM-5.17][PATCH 0/1] CVE-2022-4662
Magali Lemes
magali.lemes.do.sacramento at canonical.com
Wed Apr 5 20:42:33 UTC 2023
[Impact]
It was discovered that the USB core subsystem in the Linux kernel did not
properly handle nested reset events. A local attacker with physical access
could plug in a specially crafted USB device to cause a denial of service
(kernel deadlock).
[Backport]
Clean cherry-pick.
[Test]
Compile and boot tested.
[Regression potential]
Low, since it's just adding a reset_in_progress flag to indicate that a reset
is already in progress. Still, this impacts a USB Core file.
Alan Stern (1):
USB: core: Prevent nested device-reset calls
drivers/usb/core/hub.c | 10 ++++++++++
include/linux/usb.h | 2 ++
2 files changed, 12 insertions(+)
--
2.34.1
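A simplified userspace model of the guard described under [Regression potential], added here as an illustration; it is not part of the original message or of the kernel patch. All `model_*` names, the non-recursive lock stand-in and the `-EINPROGRESS` return value are assumptions of this model; only the `reset_in_progress` flag name comes from the cover letter.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#define MODEL_DEADLOCK (-1000)  /* constructed marker: a real kernel would hang here */

/* Hypothetical userspace stand-in for a USB device; not the kernel's struct. */
struct model_dev {
    bool lock_held;          /* non-recursive lock held across driver callbacks */
    bool reset_in_progress;  /* guard flag named in the cover letter */
    bool guard_enabled;      /* false models the unpatched behaviour */
    int  nested_result;      /* what the nested reset attempt returned */
    int  resets_completed;
};

static int model_reset_device(struct model_dev *dev);

/* Driver callback that asks for another reset while one is already running. */
static void model_driver_callback(struct model_dev *dev)
{
    dev->nested_result = model_reset_device(dev);
}

static int model_reset_device(struct model_dev *dev)
{
    if (dev->guard_enabled && dev->reset_in_progress)
        return -EINPROGRESS;        /* refuse the nested call before locking */
    if (dev->lock_held)
        return MODEL_DEADLOCK;      /* self-deadlock on a non-recursive lock */

    dev->reset_in_progress = true;
    dev->lock_held = true;
    model_driver_callback(dev);     /* re-enters model_reset_device() */
    dev->lock_held = false;
    dev->reset_in_progress = false; /* cleared once the outer reset finishes */
    dev->resets_completed++;
    return 0;
}

/* Run one outer reset and report how the nested attempt ended. */
static int model_nested_outcome(bool guard_enabled)
{
    struct model_dev dev = { .guard_enabled = guard_enabled };
    int outer = model_reset_device(&dev);
    return (outer == 0 && dev.resets_completed == 1) ? dev.nested_result : outer;
}

int main(void)
{
    printf("unpatched nested reset: %d\n", model_nested_outcome(false));
    printf("patched nested reset:   %d\n", model_nested_outcome(true));
    return 0;
}
```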