Marcan

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the xHCI driver in the Linux kernel, specifically with handling TD clearing for multiple streams. When multiple streams are in use and an endpoint is stopped, multiple TDs might be in flight, requiring a Set TR Dequeue Pointer for each to reset properly and clear caches. The problem dates back to early commits in the XHCI driver's life, particularly with the introduction of stream support. It was identified but not fixed, leading to potential xHC crashes and IOMMU faults with UAS devices when handling errors or faults. The easiest way to reproduce the issue is by using `hdparm` to mark a bad sector on a disk and then running `cat /dev/sdX > /dev/null` in a loop. On systems without an IOMMU, this bug would silently corrupt freed memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.