CVE-2017-8071

Name of the Vulnerable Software and Affected Versions Linux kernel versions 4.9.x before 4.9.9

Description The issue arises from the use of a spinlock in the drivers/hid/hid-cp2112.c module without considering the possibility of sleeping in a USB HID request callback. This allows local users to cause a denial of service (deadlock) via unspecified vectors. The vulnerability is due to incorrect handling or release of resources.

Recommendations For Linux kernel versions 4.9.x before 4.9.9, update to version 4.9.9 or later to resolve the issue. As a temporary workaround, consider disabling the use of the hid-cp2112 driver until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the hid-cp2112 module in the affected USB HID request callback until the issue is resolved.