Message-ID: <20250826142418.961703-1-serein.chengyu@huawei.com>
Date: Tue, 26 Aug 2025 22:24:18 +0800
From: Cheng Yu <serein.chengyu@...wei.com>
To: <gregkh@...uxfoundation.org>
CC: <cve@...nel.org>, <gregkh@...nel.org>,
	<linux-cve-announce@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	<tanghui20@...wei.com>, <zhangqiao22@...wei.com>,
	<serein.chengyu@...wei.com>, <huangjiale13@...artners.com>
Subject: [Question] fix CVE-2022-49980 introduces deadlock in linux-5.10.y

Hello,
I noticed that the community has assigned CVE-2022-49980.
I found that the issue described by this CVE also exists
in linux-5.10.y. Therefore, I attempted to backport
the fix patch to linux-5.10.y, but encountered a
potential deadlock after applying the patch.
The specific call path is as follows:
   usb_add_gadget              [(1) mutex_lock(&udc_lock)]
     -> device_add
       -> kobject_uevent
         -> uevent_ops->uevent
           -> dev->class->dev_uevent
             -> usb_udc_uevent [(2) mutex_lock(&udc_lock)]
This results in repeated acquisition of udc_lock, causing
a deadlock.
Does the community have any suggestions on how to resolve
this new deadlock issue introduced by the CVE fix?

Best regards,
--
Cheng Yu
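
The call path reported above, reduced to a userspace model; this is an added example, not code from the message or from the kernel. A pthread error-checking mutex stands in for udc_lock (kernel mutexes are not recursive, so the real second acquisition would block rather than return an error), and the model_* function names are hypothetical.

```c
/* Userspace model of the reported call path; NOT kernel code.
 * An error-checking pthread mutex stands in for udc_lock, so the nested
 * acquisition returns EDEADLK instead of hanging the thread. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pthread.h>
#include <stdio.h>

static pthread_mutex_t udc_lock;

static void model_init(void)
{
    pthread_mutexattr_t attr;
    pthread_mutexattr_init(&attr);
    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK);
    pthread_mutex_init(&udc_lock, &attr);
    pthread_mutexattr_destroy(&attr);
}

/* Models usb_udc_uevent(): acquisition (2). Returns 0 or an errno value. */
static int model_udc_uevent(void)
{
    int err = pthread_mutex_lock(&udc_lock);
    if (err)
        return err;   /* EDEADLK: the calling thread already owns udc_lock */
    /* ... read gadget state under the lock ... */
    pthread_mutex_unlock(&udc_lock);
    return 0;
}

/* Models usb_add_gadget(): acquisition (1), then the uevent callback runs
 * while the lock is still held (device_add -> kobject_uevent -> dev_uevent
 * in the reported path, collapsed here into one direct call). */
static int model_add_gadget(void)
{
    int err;
    pthread_mutex_lock(&udc_lock);
    err = model_udc_uevent();
    pthread_mutex_unlock(&udc_lock);
    return err;
}

int main(void)
{
    model_init();
    printf("uevent outside the lock: %d\n", model_udc_uevent());
    printf("uevent via add_gadget:   %d (EDEADLK=%d)\n", model_add_gadget(), EDEADLK);
    return 0;
}
```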
