CVE-2024-26934

USB: core: Fix deadlock in usb_deauthorize_interface()

References

https://cve.org/CVERecord/?id=CVE-2024-26934

Notes

 carnil> Introduced in 310d2b4124c0 ("usb: interface authorization: SysFS part of USB
 carnil> interface authorization"). Vulnerable versions: 4.4-rc1.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	released (4.19.312) [8cbdd324b41528994027128207fae8100dff094f]
5.10-bullseye-security	released (5.10.216-1)
5.10-upstream-stable	released (5.10.215) [e451709573f8be904a8a72d0775bf114d7c291d9]
6.1-bookworm-security	released (6.1.85-1)
6.1-upstream-stable	released (6.1.84) [ab062fa3dc69aea88fe62162c5881ba14b50ecc5]
6.6-upstream-stable	released (6.6.24) [122a06f1068bf5e39089863f4f60b1f5d4273384]
6.8-upstream-stable	released (6.8.3) [07acf979da33c721357ff27129edf74c23c036c6]
sid	released (6.7.12-1)
upstream	released (6.9-rc2) [80ba43e9f799cbdd83842fc27db667289b3150f5]