The Linux kernel is an essential component of the Linux operating system that provides an interface between the hardware and software components. Recently, a vulnerability was discovered in the Linux kernel that has the potential to cause a deadlock in media: usbtv. The vulnerability has been identified as CVE-2024-27072 and has been resolved by removing useless locks found in the usbtv_video_free() function. In this blog post, we will discuss the details of this vulnerability, its exploitation, and the resolution, with code snippets and references to the original sources.

Exploit Details

The vulnerability is caused by useless lock calls in the usbtv_video_free() function that could lead to a deadlock. This issue was reported on the syzkaller bug tracking platform: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000. Originally, the issue could only be encountered if the user disconnected while streaming. However, after the changes introduced in commit c838530d230b, it became noticeable even when disconnecting while not streaming.

The following code snippet demonstrates the issue in the original function:

static void usbtv_video_free(struct usbtv *usbtv)
{
  if (video_is_registered(&usbtv->video)) {
    usbtv_stop(usbtv); // Problematic call
    mutex_lock(&usbtv->vb2q_lock);
    video_unregister_device(&usbtv->video);
    mutex_unlock(&usbtv->vb2q_lock);
  }
}

Resolution

To resolve CVE-2024-27072, the lock calls in the usbtv_video_free() function were removed. This change prevents the possibility of a deadlock in media: usbtv. The problematic usbtv_stop() call was also removed, since it will be called when unregistering the device. The updated code snippet for resolving the issue is as follows:

static void usbtv_video_free(struct usbtv *usbtv)
{
  if (video_is_registered(&usbtv->video)) {
    video_unregister_device(&usbtv->video);
  }
}

This solution has been integrated into the Linux kernel, and the problem is now resolved.
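The following user-space model is an added example, not kernel code and not part of the original fix. It shows why holding a lock around a call that takes the same lock hangs, and why dropping the outer lock and the explicit stop is enough. The `model_*` names are hypothetical, and the model assumes the unregister path acquires the queue lock and stops streaming itself.

```c
#include <errno.h>
#include <stdio.h>

/* Non-recursive lock model (constructed). A kernel mutex would block forever
 * on re-acquisition; this returns -EDEADLK so the hang is observable. */
struct model_mutex { int held; };
static int model_lock(struct model_mutex *m)
{
    if (m->held)
        return -EDEADLK;
    m->held = 1;
    return 0;
}
static void model_unlock(struct model_mutex *m) { m->held = 0; }

struct model_dev { struct model_mutex vb2q_lock; int registered, stop_calls; };

/* Assumption: unregistering takes the queue lock itself and stops streaming. */
static int model_unregister(struct model_dev *d)
{
    int ret = model_lock(&d->vb2q_lock);
    if (ret)
        return ret;
    d->stop_calls++;
    d->registered = 0;
    model_unlock(&d->vb2q_lock);
    return 0;
}

/* Shape before the fix: explicit stop, then unregister under the lock. */
static int video_free_before(struct model_dev *d)
{
    int ret;
    if (!d->registered)
        return 0;
    d->stop_calls++;
    model_lock(&d->vb2q_lock);
    ret = model_unregister(d);   /* re-acquires vb2q_lock: self-deadlock */
    model_unlock(&d->vb2q_lock);
    return ret;
}

/* Shape after the fix: unregister does its own locking and stopping. */
static int video_free_after(struct model_dev *d)
{
    return d->registered ? model_unregister(d) : 0;
}

int main(void)
{
    struct model_dev a = { {0}, 1, 0 }, b = { {0}, 1, 0 };
    printf("before fix: %d\n", video_free_before(&a));
    printf("after fix:  %d\n", video_free_after(&b));
    return 0;
}
```

In the pre-fix shape the device stays registered because teardown never completes. In the post-fix shape streaming is stopped exactly once, by the unregister path.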

Conclusion

The Linux kernel vulnerability CVE-2024-27072 was a significant issue that could lead to deadlocks in media: usbtv, making the system unresponsive. It was resolved by removing the useless lock calls and the problematic usbtv_stop() call from the usbtv_video_free() function. The updated code ensures that the system no longer encounters these deadlocks. Users are encouraged to update their Linux kernel to the latest version to prevent exploitation of this vulnerability.

Timeline

Published on: 05/01/2024 13:15:51 UTC
Last modified on: 05/29/2024 05:28:03 UTC