CVE-2024-27002
clk: mediatek: Do a runtime PM get on controllers during probe
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: Do a runtime PM get on controllers during probe
mt8183-mfgcfg has a mutual dependency with genpd during the probing
stage, which leads to a deadlock in the following call stack:
CPU0: genpd_lock --> clk_prepare_lock
genpd_power_off_work_fn()
genpd_lock()
generic_pm_domain::power_off()
clk_unprepare()
clk_prepare_lock()
CPU1: clk_prepare_lock --> genpd_lock
clk_register()
__clk_core_init()
clk_prepare_lock()
clk_pm_runtime_get()
genpd_lock()
Do a runtime PM get at the probe function to make sure clk_register()
won't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg,
do this on all mediatek clock controller probings because we don't
believe this would cause any regression.
Verified on MT8183 and MT8192 Chromebooks.
En el kernel de Linux, se resolvió la siguiente vulnerabilidad: clk: mediatek: realice un PM en tiempo de ejecución en los controladores durante la prueba mt8183-mfgcfg tiene una dependencia mutua con genpd durante la etapa de prueba, lo que conduce a un punto muerto en la siguiente pila de llamadas: CPU0: genpd_lock --> clk_prepare_lock genpd_power_off_work_fn() genpd_lock() generic_pm_domain::power_off() clk_unprepare() clk_prepare_lock() CPU1: clk_prepare_lock --> genpd_lock clk_register() __clk_core_init() clk_prepare_lock() clk_pm_runtime_get() genpd_lock() Hacer un tiempo de ejecución PM acceda a la función de sonda para asegurarse de que clk_register() no adquiera el bloqueo genpd. En lugar de modificar únicamente mt8183-mfgcfg, haga esto en todas las pruebas del controlador de reloj mediatek porque no creemos que esto cause ninguna regresión. Verificado en Chromebooks MT8183 y MT8192.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-05-01 CVE Published
- 2024-12-19 CVE Updated
- 2024-12-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://git.kernel.org/stable/c/acddfc2c261b3653ab1c1b567a427299bac20d31 | Vuln. Introduced |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.2 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 6.1.88" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.2 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 6.6.29" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.2 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 6.8.8" | en |
Affected
| ||||||
Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 5.2 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.2 < 6.9" | en |
Affected
|