CVE-2024-58059: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-58059 affects the Linux kernel's uvcvideo driver. The vulnerability was discovered and disclosed on March 6, 2025, and involves a potential deadlock condition during uvcprobe execution. The issue occurs when uvcprobe() fails and attempts to call uvcstatusunregister() before uvcstatusinit() is called (Kernel Git).

The vulnerability stems from a race condition in the Linux kernel's USB Video Class (UVC) driver. Specifically, if uvcprobe() fails during device initialization, it can trigger a deadlock by calling uvcstatusunregister() before uvcstatus_init() has been properly executed. The issue was introduced by commit c5fe3ed618f9 which attempted to avoid race conditions during unregister operations (Kernel Git).

The vulnerability can result in a system deadlock when initializing USB video devices that use the UVC driver. This could potentially affect system stability and USB video device functionality (NVD).

The issue has been patched by adding a NULL check for dev->status in uvcstatusunregister(). The fix prevents the deadlock by ensuring that uvcstatusunregister() only proceeds if dev->status has been properly initialized. The patch has been merged into the Linux kernel mainline and is being backported to stable kernel versions (Kernel Git).