CVE-2024-26963
usb: dwc3-am62: fix module unload/reload behavior
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
usb: dwc3-am62: fix module unload/reload behavior
As runtime PM is enabled, the module can be runtime
suspended when .remove() is called.
Do a pm_runtime_get_sync() to make sure module is active
before doing any register operations.
Doing a pm_runtime_put_sync() should disable the refclk
so no need to disable it again.
Fixes the below warning at module removel.
[ 39.705310] ------------[ cut here ]------------
[ 39.710004] clk:162:3 already disabled
[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8
We called of_platform_populate() in .probe() so call the
cleanup function of_platform_depopulate() in .remove().
Get rid of the now unnnecessary dwc3_ti_remove_core().
Without this, module re-load doesn't work properly.
En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: dwc3-am62: corrige el comportamiento de descarga/recarga del módulo. Como el PM en tiempo de ejecución está habilitado, el tiempo de ejecución del módulo se puede suspender cuando se llama a .remove(). Realice pm_runtime_get_sync() para asegurarse de que el módulo esté activo antes de realizar cualquier operación de registro. Hacer pm_runtime_put_sync() debería deshabilitar refclk, por lo que no es necesario deshabilitarlo nuevamente. Corrige la siguiente advertencia al eliminar el módulo. [39.705310] ------------[ cortar aquí ]------------ [ 39.710004] clk:162:3 ya deshabilitado [ 39.713941] ADVERTENCIA: CPU: 0 PID : 921 en drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8 Llamamos a of_platform_populate() en .probe(), así que llame a la función de limpieza of_platform_depopulate() en .remove(). Deshágase del ahora innecesario dwc3_ti_remove_core(). Sin esto, la recarga del módulo no funciona correctamente.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-05-01 CVE Published
- 2024-05-01 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/e8784c0aec03a2581ee55827ba694e129d6a57ad | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.1.84 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.1.84" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.6.24 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.6.24" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.7.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.7.12" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.8.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.8.3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.19 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.19 < 6.9" | en |
Affected
| ||||||