CVE-2024-27003

clk: Get runtime PM before walking tree for clk_summary

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

clk: Get runtime PM before walking tree for clk_summary

Similar to the previous commit, we should make sure that all devices are
runtime resumed before printing the clk_summary through debugfs. Failure
to do so would result in a deadlock if the thread is resuming a device
to print clk state and that device is also runtime resuming in another
thread, e.g the screen is turning on and the display driver is starting
up. We remove the calls to clk_pm_runtime_{get,put}() in this path
because they're superfluous now that we know the devices are runtime
resumed. This also squashes a bug where the return value of
clk_pm_runtime_get() wasn't checked, leading to an RPM count underflow
on error paths.

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: clk: Obtenga PM en tiempo de ejecución antes de recorrer el árbol para clk_summary De manera similar a el commit anterior, debemos asegurarnos de que todos los dispositivos se reanuden en tiempo de ejecución antes de imprimir clk_summary a través de debugfs. No hacerlo resultaría en un punto muerto si el subproceso está reanudando un dispositivo para imprimir el estado de clk y ese dispositivo también está reanudando el tiempo de ejecución en otro subproceso, por ejemplo, la pantalla se enciende y el controlador de pantalla se está iniciando. Eliminamos las llamadas a clk_pm_runtime_{get,put}() en esta ruta porque son superfluas ahora que sabemos que los dispositivos se han reanudado en tiempo de ejecución. Esto también soluciona un error por el cual el valor de retorno de clk_pm_runtime_get() no se verificaba, lo que provocaba un desbordamiento insuficiente del recuento de RPM en las rutas de error.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-05-01 CVE Published
2024-05-13 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (5)

URL	Tag	Source
https://git.kernel.org/stable/c/1bb294a7981c737e2311a78e4086635ac0220ace	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0	2024-04-27
https://git.kernel.org/stable/c/2c077fdfd09dffb31a890e5095c8ab205138a42e	2024-04-27
https://git.kernel.org/stable/c/b457105309d388e4081c716cf7b81d517ff74db4	2024-04-27
https://git.kernel.org/stable/c/9d1e795f754db1ac3344528b7af0b17b8146f321	2024-04-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.1.88 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.1.88"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.6.29 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.6.29"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.8.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.8.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.17 < 6.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.17 < 6.9"		en		Affected