CVE-2022-49313
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

drivers: usb: host: Fix deadlock in oxu_bus_suspend()

There is a deadlock in oxu_bus_suspend(), which is shown below:

       (Thread 1)              |      (Thread 2)
                               | timer_action()
    oxu_bus_suspend()          |  mod_timer()
     spin_lock_irq() //(1)     |  (wait a time)
     ...                       | oxu_watchdog()
     del_timer_sync()          |  spin_lock_irq() //(2)
     (wait timer to stop)      |  ...

We hold oxu->lock in position (1) of thread 1, and use del_timer_sync() to wait for the timer to stop, but the timer handler also needs oxu->lock in position (2) of thread 2. As a result, oxu_bus_suspend() will block forever.

This patch extracts del_timer_sync() from the protection of spin_lock_irq(), which could let the timer handler obtain the needed lock.
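
The lock ordering described above can be reproduced in userspace. This is an added example, not code from the kernel or the patch: it assumes a pthread mutex standing in for oxu->lock, a thread standing in for the oxu_watchdog() timer handler, and pthread_join() standing in for del_timer_sync(). The name model_suspend() and the one-second timeout are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#include <time.h>

/* Userspace model (assumption): `lock` stands in for oxu->lock,
 * handler() for oxu_watchdog(), pthread_join() for del_timer_sync(). */
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
static bool handler_got_lock;

/* Timer handler, position (2). It gives up after one second so the model can
 * report the deadlock; the kernel handler would wait on the lock forever. */
static void *handler(void *arg)
{
    struct timespec deadline;

    (void)arg;
    clock_gettime(CLOCK_REALTIME, &deadline);
    deadline.tv_sec += 1;
    handler_got_lock = pthread_mutex_timedlock(&lock, &deadline) == 0;
    if (handler_got_lock)
        pthread_mutex_unlock(&lock);
    return NULL;
}

/* Suspend path. Returns true if the handler obtained the lock and finished,
 * false if it was still locked out when the wait ended (a hang in-kernel). */
bool model_suspend(bool wait_under_lock)
{
    pthread_t timer;

    handler_got_lock = false;
    pthread_mutex_lock(&lock);                   /* position (1) */
    pthread_create(&timer, NULL, handler, NULL); /* timer fires now */
    if (wait_under_lock)
        pthread_join(timer, NULL);               /* pre-fix: wait, lock held */
    pthread_mutex_unlock(&lock);
    if (!wait_under_lock)
        pthread_join(timer, NULL);               /* post-fix: wait, lock dropped */
    return handler_got_lock;
}

int main(void)
{
    printf("pre-fix: %d, post-fix: %d\n", model_suspend(true), model_suspend(false));
    return 0;
}
```

Any other "wait for a handler to finish" call made while holding a lock that the handler also takes has the same shape, which is the pattern to look for when reviewing similar suspend or teardown paths.
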
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected b92a78e582b1a45649143dc86e526f5824092478 - < 9b58d255f27b0ed6a2e43208960864d67579db58; affected b92a78e582b1a45649143dc86e526f5824092478 - < a3d380188bde8900c3f604e82b56572896499124; affected b92a78e582b1a45649143dc86e526f5824092478 - < f8242044c91cafbba9e320b0fb31abf2429a3221; affected b92a78e582b1a45649143dc86e526f5824092478 - < 2dcec0bc142be2096af71a5703d63237127db204; affected b92a78e582b1a45649143dc86e526f5824092478 - < ffe9440d698274c6462d2e304562c6ddfc8c84df; +4 more versions |
| Linux | Linux | affected 2.6.29; unaffected 0 - < 2.6.29; unaffected 4.9.318 - <= 4.9.*; unaffected 4.14.283 - <= 4.14.*; unaffected 4.19.247 - <= 4.19.*; +6 more versions |