CVE-2024-42085
📋 TL;DR
A race condition in the Linux kernel's DWC3 USB driver causes a deadlock when suspending systems with dual-role USB functionality enabled. This vulnerability affects Linux systems with specific kernel configurations and can cause system hangs or denial of service. The issue requires local access to trigger via system suspend commands.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
System becomes completely unresponsive (deadlock) requiring hard reboot, causing denial of service and potential data loss.
Likely Case
System hangs during suspend/resume operations, requiring manual intervention to restore functionality.
If Mitigated
Minor disruption to suspend/resume functionality if triggered by authorized users.
🎯 Exploit Status
Exploitation requires local access and ability to execute suspend commands. No privilege escalation involved.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with fixes from provided git commits
Vendor Advisory: https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649
Restart Required: Yes
Instructions:
1. Update to patched kernel version from your distribution. 2. Reboot system to load new kernel. 3. Verify kernel version matches patched release.
🔧 Temporary Workarounds
Disable USB dual-role mode
linuxDisable CONFIG_USB_DWC3_DUAL_ROLE kernel configuration to prevent the deadlock condition
echo 'blacklist dwc3' > /etc/modprobe.d/disable-dwc3.conf
update-initramfs -u
reboot
Restrict suspend permissions
linuxPrevent non-privileged users from triggering system suspend
chmod 600 /sys/power/state
setfacl -m u:root:rw /sys/power/state
🧯 If You Can't Patch
- Restrict access to system suspend functionality to privileged users only
- Monitor for system hangs and implement automated recovery procedures
🔍 How to Verify
Check if Vulnerable:
Check if CONFIG_USB_DWC3_DUAL_ROLE is enabled and kernel version is within affected range: grep CONFIG_USB_DWC3_DUAL_ROLE /boot/config-$(uname -r)Check Version:
uname -rVerify Fix Applied:
Verify kernel version is updated beyond affected commits and test suspend/resume functionality📡 Detection & Monitoring
Log Indicators:
- System hangs during suspend
- Kernel panic messages related to DWC3 driver
- Watchdog timeouts
Network Indicators:
- Sudden loss of connectivity from affected system
SIEM Query:
source="kernel" AND ("dwc3" OR "suspend" OR "deadlock")🔗 References
- https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649
- https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c
- https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136
- https://git.kernel.org/stable/c/8731a0b180f6b5d52397c7aeea6eda9511a467a7
- https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63
- https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276
- https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649
- https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c
- https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136
- https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63
- https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
