A recent Linux kernel vulnerability in the iommu/mediatek driver has been resolved. The vulnerability is identified as CVE-2021-47025. This post provides an overview of the vulnerability, along with code snippets, original references, and exploit details.

The vulnerability was found in the Linux kernel's iommu/mediatek component, specifically in the mtk_iommu_runtime_resume function. The fix is described as follows:

iommu/mediatek: Always enable the clk on resume

In mtk_iommu_runtime_resume always enable the clk, even
if m4u_dom is null. Otherwise the 'suspend' cb might
disable the clk which is already disabled causing the warning:

[ 1.586104] infra_m4u already disabled
[ 1.586133] WARNING: CPU:  PID: 121 at drivers/clk/clk.c:952 clk_core_disable+xb/xb8
...

The warning was triggered when the 'suspend' callback disabled a clock (clk) that was already disabled, which could happen when the resume path had not enabled it because 'm4u_dom' was null. The resolution was to always enable the clock in mtk_iommu_runtime_resume, even if 'm4u_dom' is null.

With this fix in place, there is no longer a need to enable the clock from the mtk_iommu_hw_init function since it will already be enabled by the resume.
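The imbalance described above can be reproduced in a small user-space model. This is an added example, not the kernel driver's code: the struct, the function names and the assumption that suspend disables the clock unconditionally are all hypothetical simplifications.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of a clock with an enable count (not kernel code). */
struct model_clk {
    const char *name;
    int enable_count;
    int warnings;              /* "already disabled" warnings raised */
};

static void model_clk_enable(struct model_clk *clk) { clk->enable_count++; }

/* Disabling a clock whose count is already zero is the bug condition. */
static void model_clk_disable(struct model_clk *clk)
{
    if (clk->enable_count == 0) {
        clk->warnings++;
        fprintf(stderr, "%s already disabled\n", clk->name);
        return;
    }
    clk->enable_count--;
}

/* Pre-fix resume: returns before enabling the clock when no domain exists. */
static void resume_before_fix(struct model_clk *clk, bool have_domain)
{
    if (!have_domain)
        return;
    model_clk_enable(clk);     /* register restore would follow here */
}

/* Post-fix resume: enables the clock first, then checks the domain. */
static void resume_after_fix(struct model_clk *clk, bool have_domain)
{
    model_clk_enable(clk);
    if (!have_domain)
        return;                /* nothing to restore, but the clock is on */
}

/* Model assumption: suspend always disables, so it needs a matching enable. */
static void model_suspend(struct model_clk *clk) { model_clk_disable(clk); }

/* Run one resume/suspend cycle and return the number of warnings raised. */
static int run_cycle(bool fixed, bool have_domain)
{
    struct model_clk clk = { "infra_m4u", 0, 0 };
    if (fixed)
        resume_after_fix(&clk, have_domain);
    else
        resume_before_fix(&clk, have_domain);
    model_suspend(&clk);
    return clk.warnings;
}
```

Only the pre-fix path with a null domain leaves the enable and disable calls unpaired; every other combination stays balanced.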

Original references related to this vulnerability and its resolution can be found in the Linux kernel commit logs, specifically at the following link:

- Linux kernel git commit

Exploiting this vulnerability would have required an attacker to gain access to vulnerable systems and execute malicious code, potentially causing denial of service or other unintended behavior.

As always, it is essential to keep your operating systems and software up-to-date to ensure protection against known vulnerabilities. Patching CVE-2021-47025 can be done by updating your Linux kernel to include the commit mentioned earlier, or by checking your distribution's update mechanism for available patches.

In summary, CVE-2021-47025 identifies a vulnerability in the Linux kernel's iommu/mediatek component that could potentially cause system instability and denial of service. By always enabling the clock in the mtk_iommu_runtime_resume function, this issue has been resolved, mitigating the risk associated with this vulnerability. Keep your systems up-to-date and protected by applying the relevant patches and maintaining updated security measures.

Timeline

Published on: 02/28/2024 09:15:39 UTC
Last modified on: 05/29/2024 05:00:45 UTC