CVE-2024-50100

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 05/11/2024
Last modified: 01/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

USB: gadget: dummy-hcd: Fix "task hung" problem

The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems are caused by a subtle difference between the timer_pending() and hrtimer_active() APIs.

The changeover blindly replaced the first by the second. However, timer_pending() returns True when the timer is queued but not when its callback is running, whereas hrtimer_active() returns True when the hrtimer is queued _or_ its callback is running. This difference occasionally caused dummy_urb_enqueue() to think that the callback routine had not yet started when in fact it was almost finished. As a result the hrtimer was not restarted, which made it impossible for the driver to dequeue later the URB that was just enqueued. This caused usb_kill_urb() to hang, and things got worse from there.

Since hrtimers have no API for telling when they are queued and the callback isn't running, the driver must keep track of this for itself. That's what this patch does, adding a new "timer_pending" flag and setting or clearing it at the appropriate times.
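The interleaving described above, replayed in a small user-space model. This is an added example, not code from the kernel or the patch; the struct names, `stranded_urbs()` and the assumption that the driver-tracked flag is cleared when the callback starts are this model's own.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, not kernel code: a one-shot timer is queued, running, or idle. */
struct model_timer { bool queued, running; };
struct model_hcd {
    struct model_timer t;
    bool timer_pending;   /* driver-tracked flag (placement is this model's assumption) */
    int  waiting;         /* URBs that still need a timer pass */
};
enum check { OLD_TIMER_PENDING, HRTIMER_ACTIVE, DRIVER_FLAG };

/* The two API semantics exactly as the description states them. */
static bool api_timer_pending(const struct model_timer *t)  { return t->queued; }
static bool api_hrtimer_active(const struct model_timer *t) { return t->queued || t->running; }
static void arm(struct model_hcd *h) { h->t.queued = true; h->timer_pending = true; }

/* Enqueue path: add a URB and arm the timer unless a pass is still to come. */
static void enqueue(struct model_hcd *h, enum check c)
{
    bool pass_coming = c == OLD_TIMER_PENDING ? api_timer_pending(&h->t)
                     : c == HRTIMER_ACTIVE    ? api_hrtimer_active(&h->t)
                     :                          h->timer_pending;
    h->waiting++;
    if (!pass_coming)
        arm(h);
}

/* Replays the interleaving from the description and returns how many URBs
 * are left with no timer armed to service them. */
int stranded_urbs(enum check c)
{
    struct model_hcd h = { .waiting = 1 };
    arm(&h);
    /* Timer fires: dequeued, flag cleared, callback starts and empties the list. */
    h.t.queued = false; h.timer_pending = false; h.t.running = true;
    h.waiting = 0;                 /* callback is "almost finished", will not re-arm */
    enqueue(&h, c);                /* new URB arrives in that window */
    h.t.running = false;           /* callback returns */
    while (h.t.queued) {           /* any armed timer gets its pass */
        h.t.queued = false; h.timer_pending = false; h.waiting = 0;
    }
    return h.waiting;
}

int main(void)
{
    printf("timer_pending(): %d, hrtimer_active(): %d, driver flag: %d\n",
           stranded_urbs(OLD_TIMER_PENDING), stranded_urbs(HRTIMER_ACTIVE),
           stranded_urbs(DRIVER_FLAG));
}
```

Only the `hrtimer_active()`-style check leaves a URB stranded: it reports a pass as still coming while the callback is on its way out, which is the condition behind the hang in usb_kill_urb().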

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.10 (including) | 6.11.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |