CVE-2022-49313

drivers: usb: host: Fix deadlock in oxu_bus_suspend()

Description

In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend() There is a deadlock in oxu_bus_suspend(), which is shown below: (Thread 1) | (Thread 2) | timer_action() oxu_bus_suspend() | mod_timer() spin_lock_irq() //(1) | (wait a time) ... | oxu_watchdog() del_timer_sync() | spin_lock_irq() //(2) (wait timer to stop) | ... We hold oxu->lock in position (1) of thread 1, and use del_timer_sync() to wait timer to stop, but timer handler also need oxu->lock in position (2) of thread 2. As a result, oxu_bus_suspend() will block forever. This patch extracts del_timer_sync() from the protection of spin_lock_irq(), which could let timer handler to obtain the needed lock.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.02%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/9b58d255f27b0ed6a2e43208960864d67579db58 patch
https://git.kernel.org/stable/c/a3d380188bde8900c3f604e82b56572896499124 patch
https://git.kernel.org/stable/c/f8242044c91cafbba9e320b0fb31abf2429a3221 patch
https://git.kernel.org/stable/c/2dcec0bc142be2096af71a5703d63237127db204 patch
https://git.kernel.org/stable/c/ffe9440d698274c6462d2e304562c6ddfc8c84df patch
https://git.kernel.org/stable/c/d888753872190abd18f68a7d77b9c7c367f0a7ab patch
https://git.kernel.org/stable/c/4187b291a76664a3c03d3f0d9bfadc8322881868 patch
https://git.kernel.org/stable/c/b97aae8b43b718314012e8170b7e03dbfd2e7677 patch
https://git.kernel.org/stable/c/4d378f2ae58138d4c55684e1d274e7dd94aa6524 patch

Frequently Asked Questions

What is the severity of CVE-2022-49313?
CVE-2022-49313 has been scored as a medium severity vulnerability.
How to fix CVE-2022-49313?
To fix CVE-2022-49313, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49313 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49313 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49313?
CVE-2022-49313 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.