Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2024-27002

HistoryMay 01, 2024 - 6:15 a.m.

CVE-2024-27002

2024-05-0106:15:18

Debian Security Bug Tracker

security-tracker.debian.org

linux kernel

cve-2024-27002

deadlock

mediatek clock

probe

mt8183

mt8192

chromebooks

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock –> clk_prepare_lock genpd_power_off_work_fn() genpd_lock() generic_pm_domain::power_off() clk_unprepare() clk_prepare_lock() CPU1: clk_prepare_lock –> genpd_lock clk_register() __clk_core_init() clk_prepare_lock() clk_pm_runtime_get() genpd_lock() Do a runtime PM get at the probe function to make sure clk_register() won’t acquire the genpd lock. Instead of only modifying mt8183-mfgcfg, do this on all mediatek clock controller probings because we don’t believe this would cause any regression. Verified on MT8183 and MT8192 Chromebooks.

OSVersionArchitecturePackageVersionFilename
Debian12alllinux< 6.1.90-1linux_6.1.90-1_all.deb
Debian11alllinux<= 5.10.218-1linux_5.10.218-1_all.deb
Debian999alllinux< 6.8.9-1linux_6.8.9-1_all.deb
Debian13alllinux< 6.8.9-1linux_6.8.9-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	linux	< 6.1.90-1	linux_6.1.90-1_all.deb
Debian	11	all	linux	<= 5.10.218-1	linux_5.10.218-1_all.deb
Debian	999	all	linux	< 6.8.9-1	linux_6.8.9-1_all.deb
Debian	13	all	linux	< 6.8.9-1	linux_6.8.9-1_all.deb