In the Linux kernel, a vulnerability has been identified and resolved relating to a deadlock in the MCP251x driver for the Controller Area Network (CAN) subsystem. The vulnerability is tied to the mcp251x_open() function when an interrupt occurs, leading to a deadlock situation.

The vulnerability has been assigned the identifier of CVE-2024-46791, and this article will provide an overview of the issue, code snippets demonstrating the problem, links to original references, and details on the exploit.

Overview of the Issue

The issue stems from the mcp251x_hw_wake() function being called with the mcp_lock mutex held and disabling the interrupt handler. No interrupts can be processed while the device is being woken, leading to a deadlock if an interrupt has already occurred.

The following code snippet highlights the problem

CPU                           CPU1
mcp251x_open()
 mutex_lock(&priv->mcp_lock)
  request_threaded_irq()
                               <interrupt>
                               mcp251x_can_ist()
                                mutex_lock(&priv->mcp_lock)
  mcp251x_hw_wake()
   disable_irq() <-- deadlock

Proposed Solution

To resolve the issue, it is suggested to use disable_irq_nosync() instead of disable_irq() because the interrupt handler implements all its operations while holding the mutex. Hence, it doesn't matter if it's still running.

  mcp251x_hw_wake()
   disable_irq_nosync() <-- resolves deadlock

By implementing this change, the deadlock problem will be resolved, allowing the Linux kernel to handle interrupts properly for the MCP251x driver.

For more information on this vulnerability, please refer to the following references

- Official CVE Record for CVE-2024-46791
- Linux Kernel Mailing List post discussing the issue
- Linux Kernel Mailing List post with the proposed change

While there are currently no known exploits for this vulnerability, it is highly recommended that users apply the proposed changes to their Linux kernels to mitigate the risk of deadlock scenarios in the MCP251x driver.

In conclusion, CVE-2024-46791 highlights a deadlock issue in the Linux kernel's MCP251x driver that can be resolved by updating the mcp251x_hw_wake() function to use disable_irq_nosync() instead of disable_irq(). Ensure you apply the proper changes to safeguard your kernel against any potential risks associated with this vulnerability.

Timeline

Published on: 09/18/2024 08:15:06 UTC
Last modified on: 09/20/2024 18:21:19 UTC