CVE-2021-47582

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-rc7-syzkaller

Description The issue is related to the USB core in the Linux kernel, where the usb start wait urb() function contains an uninterruptible wait with a user-specified timeout value. If the timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocked for more than N seconds". This problem can be fixed by replacing usbfs's calls to usb control msg() and usb bulk msg() with special-purpose code that always uses a killable wait and uses GFP KERNEL rather than GFP NOIO.

Recommendations To resolve the issue, update the Linux kernel to a version that includes the patch for this problem. Specifically, the patch replaces usbfs's calls to usb control msg() and usb bulk msg() with special-purpose code that does essentially the same thing, except that it always uses a killable wait and it uses GFP KERNEL rather than GFP NOIO. As a temporary workaround, consider disabling the do proc control() and do proc bulk() functions until a patch is available. Additionally, setting echo 0 > /proc/sys/kernel/hung task timeout secs can disable the "Task X blocked for more than N seconds" message.