PT-2025-40743 · Linux+2 · Linux Kernel+2

Published: 2024-04-30 · Updated: 2026-02-10 · CVE-2023-53580

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A flaw in the Linux kernel's USB gadget core could lead to a kernel panic during the unconfiguration of a UVC gadget driver. The cause is a deadlock that occurs when a gadget driver calls usb_gadget_deactivate() as part of its unbind procedure: gadget_unbind_driver() holds the udc->connect_lock mutex while calling the driver's unbind() callback, and usb_gadget_deactivate() attempts to acquire the same mutex. The fix releases the mutex before invoking the unbind() callback and reacquires it afterward. Note that usb_gadget_activate() and usb_gadget_deactivate() should not be called from a gadget driver's disconnect() callback, as this callback may run in interrupt context.
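
The locking pattern in the description, modelled in userspace C with a pthread mutex. This is an added example, not kernel code and not taken from the advisory or the upstream patch; `model_udc`, `model_deactivate`, `model_driver_unbind`, `unbind_locked` and `unbind_unlocked` are hypothetical names.

```c
#include <errno.h>
#include <pthread.h>

struct model_udc {                  /* hypothetical userspace model, not kernel code */
    pthread_mutex_t connect_lock;   /* stands in for udc->connect_lock */
    int deactivate_rc;              /* what the unbind() callback observed */
};

/* Models usb_gadget_deactivate(), which needs connect_lock. The kernel's mutex_lock()
 * would sleep forever on a held lock; trylock makes the model return EBUSY instead. */
static int model_deactivate(struct model_udc *udc)
{
    int rc = pthread_mutex_trylock(&udc->connect_lock);
    if (rc == 0)    /* lock taken: the pull-up would be dropped here */
        pthread_mutex_unlock(&udc->connect_lock);
    return rc;
}

/* Models a gadget driver's unbind() callback that deactivates the gadget. */
static void model_driver_unbind(struct model_udc *udc)
{
    udc->deactivate_rc = model_deactivate(udc);
}

/* Shape described as the flaw: the callback runs with connect_lock held. */
int unbind_locked(struct model_udc *udc)
{
    pthread_mutex_lock(&udc->connect_lock);
    model_driver_unbind(udc);
    pthread_mutex_unlock(&udc->connect_lock);
    return udc->deactivate_rc;
}

/* Shape described as the fix: release before unbind(), reacquire afterward. */
int unbind_unlocked(struct model_udc *udc)
{
    pthread_mutex_lock(&udc->connect_lock);     /* work done under the lock */
    pthread_mutex_unlock(&udc->connect_lock);
    model_driver_unbind(udc);
    pthread_mutex_lock(&udc->connect_lock);     /* remaining teardown */
    pthread_mutex_unlock(&udc->connect_lock);
    return udc->deactivate_rc;
}

int main(void)
{
    struct model_udc udc = { PTHREAD_MUTEX_INITIALIZER, 0 };
    return !(unbind_locked(&udc) == EBUSY && unbind_unlocked(&udc) == 0);
}
```

The program exits 0 when the locked variant reports `EBUSY` from inside the callback and the unlocked variant completes.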

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
CVE-2023-53580
RHSA-2024:2394
RHSA-2024_2394
SUSE-SU-2025:21040-1
SUSE-SU-2025:21052-1
SUSE-SU-2025:21056-1
SUSE-SU-2025:21064-1
SUSE-SU-2025:4057-1
SUSE-SU-2025:4128-1
SUSE-SU-2025:4132-1
SUSE-SU-2025:4140-1
SUSE-SU-2025:4141-1
SUSE-SU-2025:4149-1
SUSE-SU-2025:4301-1
SUSE-SU-2025:4320-1

Affected Products

Linux Kernel
Red Hat
Suse