Linux · Linux Kernel · CVE-2024-56687
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A hardware lockup issue has been identified in the Linux kernel, specifically in the MUSB (Media Universal Serial Bus) driver. This issue can occur when a request's callback is invoked from within the `usb_ep_queue()` function, which can create deadlock situations. The problem arises when the gadget is initialized and a packet arrives, setting the RXPKTRDY flag and raising an interrupt. If IRQs (Interrupt Requests) are enabled during the complete callback, the endpoint can become locked up, preventing further packets from being received. This issue is particularly relevant to the USB Ethernet gadget, where the `rx_complete()` callback calls `netif_rx()`, which can disable and then re-enable IRQs. The situation is complex, involving multiple components and potential workarounds.
**Recommendations**
To resolve this issue, consider the following approaches:
1. Ensure that callbacks never enable IRQs, although this might be challenging to enforce due to the complexity of interactions between `netif_rx()` and interrupts.
2. Disable MUSB interrupts in `musb_g_giveback()` before calling the callback and re-enable them afterward to prevent MUSB interrupts from being handled during the callback.
3. Modify the interrupt handler to clear the RXPKTRDY flag if the request queue is empty, although this approach may waste CPU time.
4. Flush the Rx FIFO instead of calling `rxstate()` in `musb_ep_restart()` to ensure the hardware can receive packets when there is at least one request in the queue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
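The lockup in the description and the effect of recommendation 4 can be reproduced in a small user-space state model. This is an added example, not kernel code. The `struct ep` fields, `complete_cb()`, `handle_irq()`, `packet_arrives()` and `run()` are hypothetical names. The model assumes the interrupt fires once when RXPKTRDY becomes set, that a request leaves the queue before its callback runs, and that the callback resubmits a request.

```c
#include <stdbool.h>
/* Simplified model of one MUSB Rx endpoint (assumption, not kernel code). */
struct ep {
    bool rxpktrdy;    /* RXPKTRDY: FIFO holds an unread packet */
    bool irq_pending; /* raised once, when RXPKTRDY becomes set */
    int queued;       /* requests waiting in the endpoint queue */
    int delivered;    /* packets handed to the complete callback */
};
static void rxstate(struct ep *e, bool in_irq);

/* Hardware: a packet is accepted only while the FIFO is free. */
static void packet_arrives(struct ep *e) {
    if (!e->rxpktrdy) e->rxpktrdy = e->irq_pending = true;
}

/* Interrupt handler: with an empty queue it leaves RXPKTRDY set. */
static void handle_irq(struct ep *e) {
    if (!e->irq_pending) return;
    e->irq_pending = false;
    if (e->queued > 0) rxstate(e, true);
}

/* Callback model: another packet arrives while it runs, and outside
 * interrupt context it lets IRQs be enabled, as netif_rx() can. */
static void complete_cb(struct ep *e, bool in_irq) {
    e->delivered++;
    packet_arrives(e);
    if (!in_irq) handle_irq(e); /* queue is empty: flag stays set */
    e->queued++;                /* resubmit a request */
}

static void rxstate(struct ep *e, bool in_irq) {
    if (!e->rxpktrdy || e->queued == 0) return;
    e->rxpktrdy = false; /* packet read out of the FIFO */
    e->queued--;         /* request is dequeued before its callback */
    complete_cb(e, in_irq);
}

/* Early packet, first request queued, then n more packets; returns deliveries. */
int run(bool flush_fix, int n) {
    struct ep e = {0};
    packet_arrives(&e); handle_irq(&e);  /* packet before any request */
    e.queued++;                          /* first usb_ep_queue() */
    if (flush_fix) e.rxpktrdy = false;   /* flush Rx FIFO on restart */
    else rxstate(&e, false);             /* callback inside usb_ep_queue() */
    for (int i = 0; i < n; i++) { packet_arrives(&e); handle_irq(&e); }
    return e.delivered;
}

int main(void) { return !(run(false, 5) == 1 && run(true, 5) == 5); }
```

With `rxstate()` on restart the model delivers one packet and then stalls with RXPKTRDY set and no interrupt pending; with the flush, the early packet is dropped and every later packet is delivered.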