CVE-2024-27004: Linux Kernel Vulnerability in clk Resolved

Doug reported [1] the following hung task, which can lead to a classic ABBA deadlock. The problem arises when two threads are involved in walking the clock (clk) tree for runtime power management (PM) operations. The first thread holds the clk prepare_lock and tries to runtime PM resume a device while the second thread is resuming the same device but is waiting for the prepare_lock due to a deadlock.

... [Code snippet from the original post]

The deadlock can be fixed by ensuring that runtime PM operations on a device are never performed with the clk prepare_lock held. However, this is challenging to implement due to the possibility of changes in the clk tree. Most of the time, the issue is resolved by simply incrementing or decrementing the runtime PM count on an active device without any interference with the prepare_lock.

Original Reference - Doug's report

Vulnerability Type: ABBA Deadlock

- Impact: This vulnerability can lead to system hang, affecting the overall performance and stability of the system.
- Fixed Version: Linux kernel commit fixing the bug
- CVSS Score: 7.5 (High)

In summary, this vulnerability (CVE-2024-27004) affects the clk subsystem in the Linux kernel, leading to a deadlock that can cause system hangs. The fix involves proper handling of runtime PM operations without holding the clk prepare_lock. System administrators and users should apply the appropriate kernel updates to mitigate this vulnerability.

Additional Resources

- Linux kernel changelog
- Linux kernel mailing list discussion

Please note that the links provided may be subject to change as tracking and remediation efforts related to CVE-2024-27004 are continually updated. Make sure to consult the most recent sources for the latest information.

Timeline

Published on: 05/01/2024 06:15:18 UTC
Last modified on: 06/25/2024 22:15:27 UTC