APPLIED Re: [SRU][OEM-5.17][PATCH 0/1] CVE-2022-4662
Timo Aaltonen
tjaalton at ubuntu.com
Tue Apr 18 06:48:38 UTC 2023
Magali Lemes kirjoitti 5.4.2023 klo 23.42:
> [Impact]
> It was discovered that the USB core subsystem in the Linux kernel did not
> properly handle nested reset events. A local attacker with physical access
> could plug in a specially crafted USB device to cause a denial of service
> (kernel deadlock).
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile and boot tested.
>
> [Regression potential]
> Low, since it's just adding a reset_in_progress flag to indicate that a reset
> is already in progress. Still, this impacts a USB Core file.
>
> Alan Stern (1):
> USB: core: Prevent nested device-reset calls
>
> drivers/usb/core/hub.c | 10 ++++++++++
> include/linux/usb.h | 2 ++
> 2 files changed, 12 insertions(+)
>
applied to oem-5.17, thanks
--
t
More information about the kernel-team
mailing list