In the Linux kernel, the following vulnerability has been resolved:
USB: core: Fix deadlock in usbdeauthorizeinterface()
Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interfaceauthorizedstore() function is the only one which acquires a device lock on an ancestor device: It calls usbdeauthorizeinterface(), which locks the interface's parent USB device.
The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected. As part of the removal procedure, devicedel() waits for all ongoing sysfs attribute callbacks to complete. But usbdeauthorize_interface() can't complete until the device lock has been released, and the lock won't be released until the removal has finished.
The mechanism provided by sysfs to prevent this kind of deadlock is to use the sysfsbreakactive_protection() function, which tells sysfs not to wait for the attribute callback.
Reported-and-tested by: Yue Sun samsun1006219@gmail.com Reported by: xingwei lee xrivendell7@gmail.com
{ "vanir_signatures": [ { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "255194362801868769054981805516713577359", "216981573228730666193147549682721329600", "66597568028652619608691940157902826588", "309824258995939531894188648229499974400", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbdf66250d2d33e8b27352fcb901de79f3521057", "id": "CVE-2024-26934-0b1f77c6" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab062fa3dc69aea88fe62162c5881ba14b50ecc5", "id": "CVE-2024-26934-0d0a1ffa" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07acf979da33c721357ff27129edf74c23c036c6", "id": "CVE-2024-26934-143f5c75" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@80ba43e9f799cbdd83842fc27db667289b3150f5", "id": "CVE-2024-26934-18fb80eb" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b175bc579f46520b11ecda443bcd2ee4904f66a", "id": "CVE-2024-26934-1bcb1d04" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "225923965809261877400597666336608243061", "33954229628805124472532228039807481957", "119447499874475457292178775172882402689", "265519757788312088789512203311618825929", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1b175bc579f46520b11ecda443bcd2ee4904f66a", "id": "CVE-2024-26934-1e4fb45e" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12d6a5681a0a5cecc2af7860f0a1613fa7c6e947", "id": "CVE-2024-26934-29563a72" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "255194362801868769054981805516713577359", "216981573228730666193147549682721329600", "66597568028652619608691940157902826588", "309824258995939531894188648229499974400", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@80ba43e9f799cbdd83842fc27db667289b3150f5", "id": "CVE-2024-26934-44aa964f" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8cbdd324b41528994027128207fae8100dff094f", "id": "CVE-2024-26934-551db9ca" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "255194362801868769054981805516713577359", "216981573228730666193147549682721329600", "66597568028652619608691940157902826588", "309824258995939531894188648229499974400", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@07acf979da33c721357ff27129edf74c23c036c6", "id": "CVE-2024-26934-6e2da6ba" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "225923965809261877400597666336608243061", "33954229628805124472532228039807481957", "119447499874475457292178775172882402689", "265519757788312088789512203311618825929", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab062fa3dc69aea88fe62162c5881ba14b50ecc5", "id": "CVE-2024-26934-88e5545e" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@122a06f1068bf5e39089863f4f60b1f5d4273384", "id": "CVE-2024-26934-9defab0d" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e451709573f8be904a8a72d0775bf114d7c291d9", "id": "CVE-2024-26934-a9217fec" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "225923965809261877400597666336608243061", "33954229628805124472532228039807481957", "119447499874475457292178775172882402689", "265519757788312088789512203311618825929", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e451709573f8be904a8a72d0775bf114d7c291d9", "id": "CVE-2024-26934-badd2a78" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "255194362801868769054981805516713577359", "216981573228730666193147549682721329600", "66597568028652619608691940157902826588", "309824258995939531894188648229499974400", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@122a06f1068bf5e39089863f4f60b1f5d4273384", "id": "CVE-2024-26934-c0a6a35f" }, { "signature_type": "Function", "target": { "file": "drivers/usb/core/sysfs.c", "function": "interface_authorized_store" }, "signature_version": "v1", "digest": { "length": 268.0, "function_hash": "3789175911371137306312622500213422377" }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@dbdf66250d2d33e8b27352fcb901de79f3521057", "id": "CVE-2024-26934-d6e87fdf" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "225923965809261877400597666336608243061", "33954229628805124472532228039807481957", "119447499874475457292178775172882402689", "265519757788312088789512203311618825929", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8cbdd324b41528994027128207fae8100dff094f", "id": "CVE-2024-26934-e4980aa3" }, { "signature_type": "Line", "target": { "file": "drivers/usb/core/sysfs.c" }, "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "328827997379793660128456575623726894442", "225923965809261877400597666336608243061", "33954229628805124472532228039807481957", "119447499874475457292178775172882402689", "265519757788312088789512203311618825929", "229972370032344612823679883780300846392", "266537491972535565124549070290215331879", "295205462771820061699336964993693852220", "14146444188910749228578076220456595318", "148229836592791740354816793231265079470" ] }, "deprecated": false, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@12d6a5681a0a5cecc2af7860f0a1613fa7c6e947", "id": "CVE-2024-26934-ed27033e" } ] }