I2c Module Vulnerability in Linux Kernel Affects ACPI Devices
CVE-2024-45029

5.5MEDIUM

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 September 2024

What is CVE-2024-45029?

In the Linux kernel, the following vulnerability has been resolved:

i2c: tegra: Do not mark ACPI devices as irq safe

On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug:

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
...

Call trace:
__might_sleep
__mutex_lock_common
mutex_lock_nested
acpi_subsys_runtime_resume
rpm_resume
tegra_i2c_xfer

The problem arises because during __pm_runtime_resume(), the spinlock &dev->power.lock is acquired before rpm_resume() is called. Later, rpm_resume() invokes acpi_subsys_runtime_resume(), which relies on mutexes, triggering the error.

To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpi_subsys_runtime_resume() on mutexes.

Affected Version(s)

Linux bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c

Linux bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c < 6861faf4232e4b78878f2de1ed3ee324ddae2287

Linux bd2fdedbf2bac27f4a2ac16b84ab9b9e5f67006c < 2853e1376d8161b04c9ff18ba82b43f08a049905

References

https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080e...

https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1e...

https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 11, 2024
Vulnerability Reserved
Aug 21, 2024