The usb_giveback_urb function in the linux kernel has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, and it falls into an endless loop and occupies CPU resources, resulting in a denial of service attack. Reference: https://github.com/wanrenmi/a-usb-kernel-bug
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2227737]