Recently, a vulnerability was discovered in the Linux kernel, specifically in the Serial Peripheral Interface (SPI) implementation for the Freescale/NXP lpspi controller. This vulnerability has now been resolved and is identified by its Common Vulnerabilities and Exposures (CVE) identifier as CVE-2021-47051. In this post, we'll discuss the details of the vulnerability, provide a code snippet of the fix, and recommend how users can apply the patch to secure their systems.

The Vulnerability: PM Reference Leak in lpspi_prepare_xfer_hardware()

The issue in question is a Power Management (PM) reference leak in the lpspi_prepare_xfer_hardware() function. When power management is enabled, the kernel uses a usage counter to track how many times a specific function has been called, ensuring that it will clean up resources when the last usage is terminated.

The vulnerability occurs due to an incorrect use of the pm_runtime_get_sync() function, which increments the usage counter regardless of whether it has succeeded or failed. Consequently, if software developers forget to perform the corresponding put operation, a reference leak occurs. This could potentially cause unwanted side effects like resource exhaustion or kernel crashes.

Fixing the Vulnerability

To address the problem in the Linux kernel, the pm_runtime_get_sync() function has been replaced with the pm_runtime_resume_and_get() function to ensure that the usage counter remains balanced during operation. Here is the code snippet detailing the fix in the lpspi_prepare_xfer_hardware() function:

int lpspi_prepare_xfer_hardware(struct spi_controller *controller)
{
    struct fsl_lpspi_data *fsl_lpspi_data = spi_controller_get_devdata(controller);
    int ret;

-   pm_runtime_get_sync(controller->dev.parent);
+   ret = pm_runtime_resume_and_get(controller->dev.parent);
+   if (ret < )
+       return ret;

    /* Do other necessary preparations like setting up registers and clocks */

    return ;
}
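Review bot: in the added error check, `if (ret < )` has no right-hand operand, and the closing `return ;` gives no value in a function declared `int`; both should read 0. Separately, once pm_runtime_resume_and_get() has succeeded, any failure inside the "other necessary preparations" region needs a matching pm_runtime_put() on controller->dev.parent before returning, otherwise the leak simply moves further down the function. Consider logging the failure with dev_err() ahead of `return ret;` so a failed resume is visible to whoever debugs the controller.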

With this change in place, the kernel's SPI implementation for the Freescale/NXP lpspi controller should no longer be vulnerable to PM reference leaks. To secure affected systems, users should apply the appropriate patch to their Linux kernel.
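The counter behaviour described above, as an added userspace model (not kernel code and not part of the original patch). The names model_dev, model_get_sync(), model_resume_and_get() and leaked_refs() are hypothetical stand-ins, and the model assumes the matching put is issued only after a successful prepare.

```c
#include <errno.h>
#include <stdio.h>

/* Userspace model of one device's runtime-PM state (constructed for illustration). */
struct model_dev {
    int usage_count;  /* stands in for the PM usage counter */
    int resume_fails; /* nonzero: resuming the device returns an error */
};

/* Models pm_runtime_get_sync(): the counter is bumped even if resume fails. */
static int model_get_sync(struct model_dev *d)
{
    d->usage_count++;
    return d->resume_fails ? -EIO : 0;
}

/* Models pm_runtime_resume_and_get(): a failed resume drops the count again. */
static int model_resume_and_get(struct model_dev *d)
{
    int ret = model_get_sync(d);
    if (ret < 0)
        d->usage_count--;
    return ret;
}

/* Models a prepare path that calls `get` and bails out on error, run `attempts`
 * times; returns the references still held afterwards. */
int leaked_refs(int (*get)(struct model_dev *), int attempts, int resume_fails)
{
    struct model_dev d = { 0, resume_fails };
    for (int i = 0; i < attempts; i++) {
        if (get(&d) < 0)
            continue;        /* prepare returns the error; no put is issued */
        d.usage_count--;     /* assumed: the put follows only a successful prepare */
    }
    return d.usage_count;
}

int main(void)
{
    printf("get_sync, resume fails:       %d leaked\n", leaked_refs(model_get_sync, 5, 1));
    printf("resume_and_get, resume fails: %d leaked\n", leaked_refs(model_resume_and_get, 5, 1));
    return 0;
}
```

A nonzero result on the failing path means the counter can never return to zero, so the device would not be allowed to suspend again.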

For further information on this vulnerability and others, please refer to the following resources:

1. The Linux kernel documentation, which provides invaluable information on kernel APIs, subsystems, and other essential topics: https://www.kernel.org/doc/html/latest/

2. The official CVE entry for CVE-2021-47051, which provides a brief description and other important basic information about the vulnerability: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47051

3. The Linux kernel Git repository, where you can find the complete history of kernel source code, including fixes for vulnerabilities like the one discussed in this post: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/

Conclusion

CVE-2021-47051 is a significant vulnerability in the Linux kernel, specifically in the SPI implementation for the Freescale/NXP lpspi controller. The vulnerability, a PM reference leak, has been resolved by replacing the pm_runtime_get_sync() function with pm_runtime_resume_and_get() to keep the usage counter balanced. By applying the appropriate patch, users can secure their systems and prevent potential negative outcomes resulting from this vulnerability.

Timeline

Published on: 02/28/2024 09:15:40 UTC
Last modified on: 05/29/2024 05:01:15 UTC