CVE-2026-43428
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: core: Limit the length of unkillable synchronous timeouts
The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the possibility of hanging a task for an indefinitely long time, with no way to kill it short of unplugging the target device.
To prevent this sort of problem, enforce a maximum limit on the length of these unkillable timeouts. The limit chosen here, somewhat arbitrarily, is 60 seconds. On many systems (although not all) this is short enough to avoid triggering the kernel's hung-task detector.
In addition, clear up the ambiguity of negative timeout values by treating them the same as 0, i.e., using the maximum allowed timeout.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4e86f5b79e62ded7e3c3ebd688cf5775e618148a | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 06d2bbc4c66c6b0e8a43728c4949026026a5be67 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 6c62935670acdbb7687ced20494923b66fbb0367 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 659c0c7d50a4b0f6aa197c4c098cfd91daf63862 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 24b31a227f679a942d820840a4dea7f0c09a387f | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 64f3d75633aedc12bdff220e9a4337177430bd9d | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2d34cb4d1d6283b4be9c78f4a83ed6956d3069ec | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1015c27a5e1a63efae2b18a9901494474b4d1dc3 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 5.10.253 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.203 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.167 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.130 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.78 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.19 <= 6.18.* | unaffected |
| Linux | Linux | 6.19.9 <= 6.19.* | unaffected |
| Linux | Linux | 7.0 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4e86f5b79e62ded7e3c3ebd688cf5775e618148a
- https://git.kernel.org/stable/c/06d2bbc4c66c6b0e8a43728c4949026026a5be67
- https://git.kernel.org/stable/c/6c62935670acdbb7687ced20494923b66fbb0367
- https://git.kernel.org/stable/c/659c0c7d50a4b0f6aa197c4c098cfd91daf63862
- https://git.kernel.org/stable/c/24b31a227f679a942d820840a4dea7f0c09a387f
- https://git.kernel.org/stable/c/64f3d75633aedc12bdff220e9a4337177430bd9d
- https://git.kernel.org/stable/c/2d34cb4d1d6283b4be9c78f4a83ed6956d3069ec
- https://git.kernel.org/stable/c/1015c27a5e1a63efae2b18a9901494474b4d1dc3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.