CVE-2024-26605
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-26605
CVE Details
| Release Date: | 2024-02-24 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nPCI/ASPM: Fix deadlock when enabling ASPM\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n============================================\nWARNING: possible recursive locking detected\n6.7.0 #40 Not tainted\n--------------------------------------------\nkworker/u16:5/90 is trying to acquire lock:\nffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\nbut task is already holding lock:\nffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0\n----\nlock(pci_bus_sem);\nlock(pci_bus_sem);\n*** DEADLOCK ***\nCall trace:\nprint_deadlock_bug+0x25c/0x348\n__lock_acquire+0x10a4/0x2064\nlock_acquire+0x1e8/0x318\ndown_read+0x60/0x184\npcie_aspm_pm_state_change+0x58/0xdc\npci_set_full_power_state+0xa8/0x114\npci_set_power_state+0xc4/0x120\nqcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\npci_walk_bus+0x64/0xbc\nqcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.
See more information about CVE-2024-26605 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 5.5 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | Low | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
