CVE-2021-47582
Description
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout value. If timeout value is very large and the device being accessed does not respond in a reasonable amount of time, the kernel will complain about "Task X blocked for more than N seconds", as found in testing by syzbot: INFO: task syz-executor.0:8700 blocked for more than 143 seconds. Not tainted 5.14.0-rc7-syzkaller #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:syz-executor.0 state:D stack:23192 pid: 8700 ppid: 8455 flags:0x00004004 Call Trace: context_switch kernel/sched/core.c:4681 [inline] __schedule+0xc07/0x11f0 kernel/sched/core.c:5938 schedule+0x14b/0x210 kernel/sched/core.c:6017 schedule_timeout+0x98/0x2f0 kernel/time/timer.c:1857 do_wait_for_common+0x2da/0x480 kernel/sched/completion.c:85 __wait_for_common kernel/sched/completion.c:106 [inline] wait_for_common kernel/sched/completion.c:117 [inline] wait_for_completion_timeout+0x46/0x60 kernel/sched/completion.c:157 usb_start_wait_urb+0x167/0x550 drivers/usb/core/message.c:63 do_proc_bulk+0x978/0x1080 drivers/usb/core/devio.c:1236 proc_bulk drivers/usb/core/devio.c:1273 [inline] usbdev_do_ioctl drivers/usb/core/devio.c:2547 [inline] usbdev_ioctl+0x3441/0x6b10 drivers/usb/core/devio.c:2713 ... To fix this problem, this patch replaces usbfs's calls to usb_control_msg() and usb_bulk_msg() with special-purpose code that does essentially the same thing (as recommended in the comment for usb_start_wait_urb()), except that it always uses a killable wait and it uses GFP_KERNEL rather than GFP_NOIO.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rocky | 8 | fixed | |
| sles | affected | | |
| debian | bookworm | fixed | 5.15.15-1 |
| debian | bullseye | affected | |
| debian | forky | fixed | 5.15.15-1 |
| debian | sid | fixed | 5.15.15-1 |
| debian | trixie | fixed | 5.15.15-1 |
| almalinux | 8 | fixed | kernel-abi-stablelists-4.18.0-553.22.1.el8_10.noarch.rpm |
References
- https://errata.rockylinux.org/RLSA-2024:7000
- https://errata.rockylinux.org/RLSA-2024:7001
- https://www.suse.com/security/cve/CVE-2021-47582.html
- https://security-tracker.debian.org/tracker/CVE-2021-47582
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/2258012
- https://bugzilla.redhat.com/2258013
- https://bugzilla.redhat.com/2260038
- https://bugzilla.redhat.com/2265799
- https://bugzilla.redhat.com/2265838
- https://bugzilla.redhat.com/2266358
- https://bugzilla.redhat.com/2266750
- https://bugzilla.redhat.com/2267036
- https://bugzilla.redhat.com/2267041
- https://bugzilla.redhat.com/2267795
- https://bugzilla.redhat.com/2267916
- https://bugzilla.redhat.com/2267925
- https://bugzilla.redhat.com/2268295
- https://bugzilla.redhat.com/2270103
- https://bugzilla.redhat.com/2271648
- https://bugzilla.redhat.com/2271796
- https://bugzilla.redhat.com/2272793
- https://bugzilla.redhat.com/2273141
- https://bugzilla.redhat.com/2273148
- https://bugzilla.redhat.com/2273180
💬 Discuss CVE-2021-47582 on VIR Community →
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.