CVE-2026-43428

Published: May 9, 2026Last modified: June 24, 2026

Description

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the possibility of hanging a task for an indefinitely long time, with no way to kill it short of unplugging the target device. To prevent this sort of problem, enforce a maximum limit on the length of these unkillable timeouts. The limit chosen here, somewhat arbitrarily, is 60 seconds. On many systems (although not all) this is short enough to avoid triggering the kernel's hung-task detector. In addition, clear up the ambiguity of negative timeout values by treating them the same as 0, i.e., using the maximum allowed timeout.

Severity score breakdown

Status

References

• https://git.kernel.org/stable/c/06d2bbc4c66c6b0e8a43728c4949026026a5be67
• https://git.kernel.org/stable/c/1015c27a5e1a63efae2b18a9901494474b4d1dc3
• https://git.kernel.org/stable/c/24b31a227f679a942d820840a4dea7f0c09a387f
• https://git.kernel.org/stable/c/2d34cb4d1d6283b4be9c78f4a83ed6956d3069ec
• https://git.kernel.org/stable/c/4e86f5b79e62ded7e3c3ebd688cf5775e618148a
• https://git.kernel.org/stable/c/64f3d75633aedc12bdff220e9a4337177430bd9d
• https://git.kernel.org/stable/c/659c0c7d50a4b0f6aa197c4c098cfd91daf63862
• https://git.kernel.org/stable/c/6c62935670acdbb7687ced20494923b66fbb0367