Recently, a significant vulnerability has been resolved in the Linux kernel that deals with the "usb: dwc3-am62" module. This issue has been assigned the CVE number CVE-2024-26963. The problem caused the module to display an incorrect behavior when unloaded or reloaded, which could lead to potential security risks and system instability.

In this post, we are going to look deeper into this vulnerability, take a look at the code snippet involved in the fix, and go through the original references that led to the fix. Finally, we will discuss the exploit details and potential consequences of this vulnerability if not patched.

For a complete understanding of the problem, have a look at the following code snippet

static int dwc3_am65_remove(struct platform_device *pdev)
{
    struct dwc3_ti *dwc3_ti = platform_get_drvdata(pdev);

    pm_runtime_get_sync(dwc3_ti->dev);
    dwc3_ti->refclk = NULL;
    pm_runtime_put_sync(dwc3_ti->dev);

    return ;
}

The problem arose when runtime Power Management (PM) was enabled, causing the module to be runtime suspended when the .remove() function was called. To resolve this issue, a pm_runtime_get_sync() function call was added in the dwc3_am65_remove() function. This makes sure the module is active before performing any register operations. The subsequent pm_runtime_put_sync() call should then disable the reference clock, eliminating the need to disable it separately.

With this fix, the Linux kernel now shows a proper behavior when unloading or reloading the "usb: dwc3-am62" module, preventing the warning message that was shown upon module removal:

[   39.705310] ------------[ cut here ]------------
[   39.710004] clk:162:3 already disabled
[   39.713941] WARNING: CPU:  PID: 921 at drivers/clk/clk.c:109 clk_core_disable+xb/xb8

Another integral part of the fix was the replacement of dwc3_ti_remove_core() function with of_platform_depopulate(). This change makes sure that the module is properly cleaned up when removed and allows for a seamless reload.

Original references for this vulnerability fix can be found at the Linux Kernel Git Repository.

Exploit details

Before this fix, if an attacker was able to exploit the improper behavior of the "usb: dwc3-am62" module, they could potentially cause a system crash or gain unauthorized access to sensitive data. Moreover, the warning message produced during the module removal could serve as an indication for attackers to focus their exploitation efforts on this particular vulnerability.

With the implementation of the fix (CVE-2024-26963), system administrators and users can be more confident that this module will not be a potential security risk or source of instability in the Linux kernel. It is essential for users to keep their systems up-to-date with the latest security patches, including this one, to safeguard their data and maintain system stability.

In conclusion, the CVE-2024-26963 vulnerability in the Linux kernel left systems open to potential security risks and instability due to the incorrect behavior of the "usb: dwc3-am62" module. The recent fix ensures proper module unloading/reloading and eliminates warning messages that could attract attackers. Users are encouraged to keep their systems updated with the latest security patches to maintain the security and stability of their Linux installations.

Timeline

Published on: 05/01/2024 06:15:12 UTC
Last modified on: 05/29/2024 05:25:57 UTC