CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> USB: core: Limit the length of unkillable synchronous timeouts<br /> <br /> The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in<br /> usbcore allow unlimited timeout durations. And since they use<br /> uninterruptible waits, this leaves open the possibility of hanging a<br /> task for an indefinitely long time, with no way to kill it short of<br /> unplugging the target device.<br /> <br /> To prevent this sort of problem, enforce a maximum limit on the length<br /> of these unkillable timeouts. The limit chosen here, somewhat<br /> arbitrarily, is 60 seconds. On many systems (although not all) this<br /> is short enough to avoid triggering the kernel&amp;#39;s hung-task detector.<br /> <br /> In addition, clear up the ambiguity of negative timeout values by<br /> treating them the same as 0, i.e., using the maximum allowed timeout.