Linux Kernel USB Gadget Driver Vulnerability Affecting Multiple Versions
CVE-2023-53580
What is CVE-2023-53580?
A vulnerability in the Linux kernel affects the USB gadget driver and can lead to a kernel panic during the unconfiguration process. The issue is a deadlock: gadget_unbind_driver() holds a mutex while calling the driver unbind callback, and usb_gadget_deactivate() attempts to acquire the same mutex, so the driver cannot be deactivated safely. A patch has been implemented that resolves the deadlock by releasing the mutex before invoking the unbind callback. Additional comments in the code clarify the context of specific function calls, to mitigate similar issues in future updates.
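The locking pattern described above, modelled in user space as an added example (this is not the kernel's code or the upstream patch). Every `model_*` name is hypothetical, the model assumes the unbind callback is what reaches the deactivate path, and a pthread error-checking mutex is used so that the second lock attempt returns `EDEADLK` instead of hanging.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
/* User-space model only: every model_* name is hypothetical, not a kernel symbol.
 * lock stands in for the mutex in the advisory; cb_err is what the callback saw. */
struct model_udc { pthread_mutex_t lock; int deactivated, cb_err; };

static void model_init(struct model_udc *u)
{
    pthread_mutexattr_t a;
    pthread_mutexattr_init(&a);
    /* ERRORCHECK: a same-thread relock returns EDEADLK instead of hanging. */
    pthread_mutexattr_settype(&a, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&u->lock, &a);
    pthread_mutexattr_destroy(&a);
    u->deactivated = u->cb_err = 0;
}

/* Plays the role of usb_gadget_deactivate(): it takes the lock itself. */
static int model_deactivate(struct model_udc *u)
{
    int err = pthread_mutex_lock(&u->lock);
    if (err)
        return err;                      /* caller already holds the lock */
    u->deactivated = 1;
    return pthread_mutex_unlock(&u->lock);
}
/* Driver unbind callback that deactivates the gadget as part of teardown. */
static void model_unbind_cb(struct model_udc *u) { u->cb_err = model_deactivate(u); }
/* Unbind path: hold_lock=1 is the pre-patch shape, hold_lock=0 the patched one. */
static int model_unbind_driver(struct model_udc *u, int hold_lock)
{
    pthread_mutex_lock(&u->lock);        /* teardown work that needs the lock */
    if (!hold_lock)
        pthread_mutex_unlock(&u->lock);  /* fix: drop the lock before the callback */
    model_unbind_cb(u);
    if (hold_lock)
        pthread_mutex_unlock(&u->lock);
    return u->cb_err;                    /* 0 on success, EDEADLK on self-deadlock */
}

int main(void)
{
    struct model_udc a, b;
    model_init(&a); model_init(&b);
    printf("held: %d, released: %d\n", model_unbind_driver(&a, 1), model_unbind_driver(&b, 0));
    return 0;
}
```

With a default (non-checking) mutex the `hold_lock=1` path would block forever rather than return an error, which is the hang the advisory describes.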
Affected Version(s)
Linux d8195536ce2624e2947d9f56b1a61e7a27874bd3
Linux 286d9975a838d0a54da049765fa1d1fb96b89682 < 8c1edc00db65f6d4408b3d1cd845e8da3b9e0ca4
Linux 286d9975a838d0a54da049765fa1d1fb96b89682 < 65dadb2beeb7360232b09ebc4585b54475dfee06