CVE-2024-27004

CVE Details

Release Date: 2024-05-01

Description


In the Linux kernel, the following vulnerability has been resolved:

clk: Get runtime PM before walking tree during disable_unused

Doug reported [1] the following hung task:

    INFO: task swapper/0:1 blocked for more than 122 seconds.
    Not tainted 5.15.149-21875-gf795ebc40eb8 #1
    'echo 0 > /proc/sys/kernel/hung_task_timeout_secs' disables this message.
    task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008
    Call trace:
    __switch_to+0xf4/0x1f4
    __schedule+0x418/0xb80
    schedule+0x5c/0x10c
    rpm_resume+0xe0/0x52c
    rpm_resume+0x178/0x52c
    __pm_runtime_resume+0x58/0x98
    clk_pm_runtime_get+0x30/0xb0
    clk_disable_unused_subtree+0x58/0x208
    clk_disable_unused_subtree+0x38/0x208
    clk_disable_unused_subtree+0x38/0x208
    clk_disable_unused_subtree+0x38/0x208
    clk_disable_unused_subtree+0x38/0x208
    clk_disable_unused+0x4c/0xe4
    do_one_initcall+0xcc/0x2d8
    do_initcall_level+0xa4/0x148
    do_initcalls+0x5c/0x9c
    do_basic_setup+0x24/0x30
    kernel_init_freeable+0xec/0x164
    kernel_init+0x28/0x120
    ret_from_fork+0x10/0x20
    INFO: task kworker/u16:0:9 blocked for more than 122 seconds.
    Not tainted 5.15.149-21875-gf795ebc40eb8 #1
    'echo 0 > /proc/sys/kernel/hung_task_timeout_secs' disables this message.
    task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008
    Workqueue: events_unbound deferred_probe_work_func
    Call trace:
    __switch_to+0xf4/0x1f4
    __schedule+0x418/0xb80
    schedule+0x5c/0x10c
    schedule_preempt_disabled+0x2c/0x48
    __mutex_lock+0x238/0x488
    __mutex_lock_slowpath+0x1c/0x28
    mutex_lock+0x50/0x74
    clk_prepare_lock+0x7c/0x9c
    clk_core_prepare_lock+0x20/0x44
    clk_prepare+0x24/0x30
    clk_bulk_prepare+0x40/0xb0
    mdss_runtime_resume+0x54/0x1c8
    pm_generic_runtime_resume+0x30/0x44
    __genpd_runtime_resume+0x68/0x7c
    genpd_runtime_resume+0x108/0x1f4
    __rpm_callback+0x84/0x144
    rpm_callback+0x30/0x88
    rpm_resume+0x1f4/0x52c
    rpm_resume+0x178/0x52c
    __pm_runtime_resume+0x58/0x98
    __device_attach+0xe0/0x170
    device_initial_probe+0x1c/0x28
    bus_probe_device+0x3c/0x9c
    device_add+0x644/0x814
    mipi_dsi_device_register_full+0xe4/0x170
    devm_mipi_dsi_device_register_full+0x28/0x70
    ti_sn_bridge_probe+0x1dc/0x2c0
    auxiliary_bus_probe+0x4c/0x94
    really_probe+0xcc/0x2c8
    __driver_probe_device+0xa8/0x130
    driver_probe_device+0x48/0x110
    __device_attach_driver+0xa4/0xcc
    bus_for_each_drv+0x8c/0xd8
    __device_attach+0xf8/0x170
    device_initial_probe+0x1c/0x28
    bus_probe_device+0x3c/0x9c
    deferred_probe_work_func+0x9c/0xd8
    process_one_work+0x148/0x518
    worker_thread+0x138/0x350
    kthread+0x138/0x1e0
    ret_from_fork+0x10/0x20

The first thread is walking the clk tree and calling clk_pm_runtime_get() to power on devices required to read the clk hardware via struct clk_ops::is_enabled(). This thread holds the clk prepare_lock, and is trying to runtime PM resume a device, when it finds that the device is in the process of resuming so the thread schedule()s away waiting for the device to finish resuming before continuing. The second thread is runtime PM resuming the same device, but the runtime resume callback is calling clk_prepare(), trying to grab the prepare_lock waiting on the first thread.

This is a classic ABBA deadlock. To properly fix the deadlock, we must never runtime PM resume or suspend a device with the clk prepare_lock held. Actually doing that is near impossible today because the global prepare_lock would have to be dropped in the middle of the tree, the device runtime PM resumed/suspended, and then the prepare_lock grabbed again to ensure consistency of the clk tree topology. If anything changes with the clk tree in the meantime, we've lost and will need to start the operation all over again.

Luckily, most of the time we're simply incrementing or decrementing the runtime PM count on an active device, so we don't have the chance to schedule away with the prepare_lock held. Let's fix this immediate problem that can be
---truncated---
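A triage heuristic for the hung-task pattern in the description, as an added example that is not part of the advisory or the kernel patch: it parses hung-task reports from a kernel log and pairs a task waiting on runtime PM resume beneath clk_pm_runtime_get() with a task waiting on clk_prepare_lock() beneath a runtime resume callback. The function names and the abbreviated sample log are constructed for illustration; the kernel symbols come from the traces above.

```python
import re

# Constructed sample: abbreviated from the two hung-task reports in the description.
SAMPLE_LOG = """\
INFO: task swapper/0:1 blocked for more than 122 seconds.
Call trace:
 __schedule+0x418/0xb80
 rpm_resume+0xe0/0x52c
 __pm_runtime_resume+0x58/0x98
 clk_pm_runtime_get+0x30/0xb0
 clk_disable_unused_subtree+0x58/0x208
INFO: task kworker/u16:0:9 blocked for more than 122 seconds.
Call trace:
 __mutex_lock+0x238/0x488
 clk_prepare_lock+0x7c/0x9c
 clk_prepare+0x24/0x30
 mdss_runtime_resume+0x54/0x1c8
 rpm_callback+0x30/0x88
 rpm_resume+0x1f4/0x52c
"""

HUNG = re.compile(r"INFO: task (\S+) blocked for more than \d+ seconds")
FRAME = re.compile(r"^(?:\[\s*[\d.]+\]\s*)?\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_hung_tasks(log):
    """Return {task: [symbols, innermost frame first]} per hung-task report."""
    tasks, current = {}, None
    for line in log.splitlines():
        m = HUNG.search(line)
        if m:
            current = m.group(1)
            tasks[current] = []
        elif current and (f := FRAME.match(line)):
            tasks[current].append(f.group(1))
    return tasks

def below(stack, inner, outer):
    """True if `inner` was called (directly or not) from `outer` in this stack."""
    return inner in stack and outer in stack and stack.index(inner) < stack.index(outer)

def find_abba(tasks):
    """Pair tasks that match the two sides of the deadlock described above."""
    # Side A: clk code (prepare_lock held) waiting for a runtime PM resume.
    a = [t for t, s in tasks.items() if below(s, "rpm_resume", "clk_pm_runtime_get")]
    # Side B: a runtime resume callback waiting for prepare_lock.
    b = [t for t, s in tasks.items() if below(s, "clk_prepare_lock", "rpm_callback")]
    return [(x, y) for x in a for y in b if x != y]

if __name__ == "__main__":
    print(find_abba(parse_hung_tasks(SAMPLE_LOG)))
```

A match is only a lead for checking whether a host runs a kernel without the fix; the heuristic does not confirm that both tasks are waiting on the same device.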

See more information about CVE-2024-27004 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


Platform | Errata | Release Date
Oracle Linux version 9 (kernel) | ELSA-2024-9315 | 2024-11-14


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
