CVE-2024-26933

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a deadlock in the port "disable" sysfs attribute in the Linux kernel's USB core. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device, which can cause problems if another process has locked the hub to remove it or change its configuration. This can lead to a deadlock situation where the lock cannot be released until the callback routines return, but the callback routines cannot return until after they have acquired the lock. The deadlock can be avoided by calling sysfs break active protection(), but this call has the disadvantage that there is no guarantee that the hub structure won't be deallocated at any moment. To prevent this, a reference to the hub structure must be acquired first by calling hub get().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.