In the world of Linux and Open-Source operating systems, vulnerability tracking and patching are of utmost importance. One such vulnerability that was recently discovered and resolved is CVE-2024-53134, which involves the power management domains (PMDomain) in the Linux kernel. The issue was pinpointed to the imx93-blk-ctrl driver, and a patch was released to correct the problem. In this post, we will discuss the vulnerability in detail, provide a code snippet showcasing the patch, and explore the original references and exploit details.

Vulnerability Details

In the Linux kernel, a bug was identified in the imx93-blk-ctrl driver, specifically in the driver's remove path, where it unregisters its PM domains. The driver is responsible for managing power domains (blk-ctrl blocks) on system-on-chips (SoCs) from the imx93 family.

The problem was in the loop's termination condition, which should have been written as 'i < bc->onecell_data.num_domains'. It was mistakenly written as just 'bc->onecell_data.num_domains', which is non-zero (true) for any controller with at least one domain, so the loop never terminates on its own and walks past the end of the domains array, ultimately resulting in a kernel panic.

On top of that, the driver's probe error path left runtime PM enabled, which the kernel reported as "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!".

Patch Details

A patch has been released that fixes this vulnerability by correcting the loop condition and by disabling runtime PM again on the probe error path.

Here's the original code snippet:

for (i = 0; bc->onecell_data.num_domains; i++) {
    if (!IS_ERR(bc->domains[i]))
        pm_genpd_remove_device(&bc->domains[i]->pd);
}

And here's the corrected code snippet after applying the patch:

for (i = 0; i < bc->onecell_data.num_domains; i++) {
    if (!IS_ERR(bc->domains[i]))
        pm_genpd_remove_device(&bc->domains[i]->pd);
}

Furthermore, to keep runtime PM enable/disable calls balanced, the following call was added to the probe error-handling path:

pm_runtime_disable(dev);
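To make both parts of the fix concrete, here is an added, self-contained C model of the patched remove loop and probe error path. It is not the driver's or the kernel's code: the types, the IS_ERR stand-in, the `_stub` runtime-PM counters and the sample domain table are all constructed for this post.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-ins for the driver's types; not the real kernel code. */
#define MAX_DOMAINS 8
#define ERR_DOMAIN ((struct blk_domain *)-1)   /* stand-in for an ERR_PTR() value */
#define IS_ERR(p)  ((p) == ERR_DOMAIN)

struct blk_domain { int removed; };
struct blk_ctrl {
    struct { size_t num_domains; } onecell_data;
    struct blk_domain *domains[MAX_DOMAINS];
    int runtime_balance;   /* +1 per enable, -1 per disable; must end at 0 on failure */
};

static void pm_runtime_enable_stub(struct blk_ctrl *bc)  { bc->runtime_balance++; }
static void pm_runtime_disable_stub(struct blk_ctrl *bc) { bc->runtime_balance--; }

/* Remove path with the patched bound: exactly num_domains slots are visited,
 * ERR_PTR entries are skipped, and the number of devices removed is returned. */
static int blk_ctrl_remove(struct blk_ctrl *bc)
{
    int removed = 0;
    for (size_t i = 0; i < bc->onecell_data.num_domains; i++)
        if (!IS_ERR(bc->domains[i])) { bc->domains[i]->removed = 1; removed++; }
    return removed;
}

/* Probe with the patched error path: on failure runtime PM is disabled again,
 * so the enable/disable calls stay balanced. fail_later simulates a later error. */
static int blk_ctrl_probe(struct blk_ctrl *bc, bool fail_later)
{
    pm_runtime_enable_stub(bc);
    if (fail_later) { pm_runtime_disable_stub(bc); return -1; }  /* the added call */
    return 0;
}

/* Constructed sample: three registered domains (one an ERR_PTR) plus a populated
 * slot past num_domains that a correctly bounded loop must never touch. */
static void build_sample(struct blk_ctrl *bc, struct blk_domain pool[4])
{
    for (int i = 0; i < 4; i++) pool[i].removed = 0;
    *bc = (struct blk_ctrl){ .onecell_data.num_domains = 3 };
    bc->domains[0] = &pool[0]; bc->domains[1] = ERR_DOMAIN;
    bc->domains[2] = &pool[2]; bc->domains[3] = &pool[3];
}

static int demo_removed_count(void)
{ struct blk_ctrl bc; struct blk_domain p[4]; build_sample(&bc, p); return blk_ctrl_remove(&bc); }
static int demo_slot_past_end_untouched(void)
{ struct blk_ctrl bc; struct blk_domain p[4]; build_sample(&bc, p); blk_ctrl_remove(&bc); return !p[3].removed; }
static int demo_probe_balance(bool fail_later)
{ struct blk_ctrl bc = {0}; blk_ctrl_probe(&bc, fail_later); return bc.runtime_balance; }

int main(void)
{
    printf("removed=%d past_end_untouched=%d balance_on_failure=%d\n",
           demo_removed_count(), demo_slot_past_end_untouched(), demo_probe_balance(true));
    return 0;
}
```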

Original References

1. Official Linux kernel commit that includes the patch: https://github.com/torvalds/linux/commit/ada3c3467af92a6cdfaf6e8ce558577d6d4146dd
2. Linux kernel mailing list discussion about the bug: https://lore.kernel.org/lkml/20190702050738.11207-1-shawnguo@kernel.org/

Exploit Details

As this vulnerability can cause a kernel panic, it could potentially be triggered by malicious actors to crash the system, amounting to a denial-of-service (DoS). However, it is an unlikely target for exploitation, because it is specific to the imx93-blk-ctrl driver and requires direct access to the affected device.

Conclusion

CVE-2024-53134 was a vulnerability in the Linux kernel's imx93-blk-ctrl driver, which could have resulted in kernel panic due to an incorrect loop condition. The bug has been patched, and the corrected code is available as part of the mainline Linux kernel. Users are encouraged to update their kernel versions to prevent any potential exploitation.

Timeline

Published on: 12/04/2024 15:15:13 UTC
Last modified on: 12/11/2024 17:10:16 UTC