ghsa-8fcf-qpcm-frcf
Vulnerability from github
Published
2024-12-27 15:31
Modified
2025-01-16 18:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx: gpcv2: Adjust delay after power up handshake

The udelay(5) is not enough, sometimes below kernel panic still be triggered:

[ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt [ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1 [ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT) [ 4.012985] Call trace: [...] [ 4.013029] arm64_serror_panic+0x64/0x70 [ 4.013034] do_serror+0x3c/0x70 [ 4.013039] el1h_64_error_handler+0x30/0x54 [ 4.013046] el1h_64_error+0x64/0x68 [ 4.013050] clk_imx8mp_audiomix_runtime_resume+0x38/0x48 [ 4.013059] __genpd_runtime_resume+0x30/0x80 [ 4.013066] genpd_runtime_resume+0x114/0x29c [ 4.013073] __rpm_callback+0x48/0x1e0 [ 4.013079] rpm_callback+0x68/0x80 [ 4.013084] rpm_resume+0x3bc/0x6a0 [ 4.013089] __pm_runtime_resume+0x50/0x9c [ 4.013095] pm_runtime_get_suppliers+0x60/0x8c [ 4.013101] __driver_probe_device+0x4c/0x14c [ 4.013108] driver_probe_device+0x3c/0x120 [ 4.013114] __driver_attach+0xc4/0x200 [ 4.013119] bus_for_each_dev+0x7c/0xe0 [ 4.013125] driver_attach+0x24/0x30 [ 4.013130] bus_add_driver+0x110/0x240 [ 4.013135] driver_register+0x68/0x124 [ 4.013142] __platform_driver_register+0x24/0x30 [ 4.013149] sdma_driver_init+0x20/0x1000 [imx_sdma] [ 4.013163] do_one_initcall+0x60/0x1e0 [ 4.013168] do_init_module+0x5c/0x21c [ 4.013175] load_module+0x1a98/0x205c [ 4.013181] init_module_from_file+0x88/0xd4 [ 4.013187] __arm64_sys_finit_module+0x258/0x350 [ 4.013194] invoke_syscall.constprop.0+0x50/0xe0 [ 4.013202] do_el0_svc+0xa8/0xe0 [ 4.013208] el0_svc+0x3c/0x140 [ 4.013215] el0t_64_sync_handler+0x120/0x12c [ 4.013222] el0t_64_sync+0x190/0x194 [ 4.013228] SMP: stopping secondary CPUs

The correct way is to wait handshake, but it needs BUS clock of BLK-CTL be enabled, which is in separate driver. So delay is the only option here. The udelay(10) is a data got by experiment.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-56618"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-27T15:15:21Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx: gpcv2: Adjust delay after power up handshake\n\nThe udelay(5) is not enough, sometimes below kernel panic\nstill be triggered:\n\n[    4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt\n[    4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1\n[    4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT)\n[    4.012985] Call trace:\n[...]\n[    4.013029]  arm64_serror_panic+0x64/0x70\n[    4.013034]  do_serror+0x3c/0x70\n[    4.013039]  el1h_64_error_handler+0x30/0x54\n[    4.013046]  el1h_64_error+0x64/0x68\n[    4.013050]  clk_imx8mp_audiomix_runtime_resume+0x38/0x48\n[    4.013059]  __genpd_runtime_resume+0x30/0x80\n[    4.013066]  genpd_runtime_resume+0x114/0x29c\n[    4.013073]  __rpm_callback+0x48/0x1e0\n[    4.013079]  rpm_callback+0x68/0x80\n[    4.013084]  rpm_resume+0x3bc/0x6a0\n[    4.013089]  __pm_runtime_resume+0x50/0x9c\n[    4.013095]  pm_runtime_get_suppliers+0x60/0x8c\n[    4.013101]  __driver_probe_device+0x4c/0x14c\n[    4.013108]  driver_probe_device+0x3c/0x120\n[    4.013114]  __driver_attach+0xc4/0x200\n[    4.013119]  bus_for_each_dev+0x7c/0xe0\n[    4.013125]  driver_attach+0x24/0x30\n[    4.013130]  bus_add_driver+0x110/0x240\n[    4.013135]  driver_register+0x68/0x124\n[    4.013142]  __platform_driver_register+0x24/0x30\n[    4.013149]  sdma_driver_init+0x20/0x1000 [imx_sdma]\n[    4.013163]  do_one_initcall+0x60/0x1e0\n[    4.013168]  do_init_module+0x5c/0x21c\n[    4.013175]  load_module+0x1a98/0x205c\n[    4.013181]  init_module_from_file+0x88/0xd4\n[    4.013187]  __arm64_sys_finit_module+0x258/0x350\n[    4.013194]  invoke_syscall.constprop.0+0x50/0xe0\n[    4.013202]  do_el0_svc+0xa8/0xe0\n[    4.013208]  el0_svc+0x3c/0x140\n[    4.013215]  el0t_64_sync_handler+0x120/0x12c\n[    4.013222]  el0t_64_sync+0x190/0x194\n[    4.013228] SMP: stopping secondary CPUs\n\nThe correct way is to wait handshake, but it needs BUS clock of\nBLK-CTL be enabled, which is in separate driver. So delay is the\nonly option here. The udelay(10) is a data got by experiment.",
  "id": "GHSA-8fcf-qpcm-frcf",
  "modified": "2025-01-16T18:30:59Z",
  "published": "2024-12-27T15:31:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56618"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2379fb937de5333991c567eefd7d11b98977d059"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a63907c8c712414643b597debcd09d16b6827b23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.