cve/published/2024/CVE-2024-49985.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2024-49985: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

 In case there is any sort of clock controller attached to this I2C bus
 controller, for example Versaclock or even an AIC32x4 I2C codec, then
 an I2C transfer triggered from the clock controller clk_ops .prepare
 callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.

 This is because the clock controller first grabs the prepare_lock mutex
 and then performs the prepare operation, including its I2C access. The
 I2C access resumes this I2C bus controller via .runtime_resume callback,
 which calls clk_prepare_enable(), which attempts to grab the prepare_lock
 mutex again and deadlocks.

 Since the clock are already prepared since probe() and unprepared in
 remove(), use simple clk_enable()/clk_disable() calls to enable and
 disable the clock on runtime suspend and resume, to avoid hitting the
 prepare_lock mutex.

 The Linux kernel CVE team has assigned CVE-2024-49985 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 5.4.285 with commit d6f1250a4d5773f447740b9fe37b8692105796d4
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 5.10.227 with commit 9b8bc33ad64192f54142396470cc34ce539a8940
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 5.15.168 with commit 1883cad2cc629ded4a3556c0bbb8b42533ad8764
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.1.113 with commit c2024b1a583ab9176c797ea1e5f57baf8d5e2682
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.6.55 with commit 22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.10.14 with commit fac3c9f7784e8184c0338e9f0877b81e55d3ef1c
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.11.3 with commit 894cd5f5fd9061983445bbd1fa3d81be43095344
 	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.12 with commit 048bbbdbf85e5e00258dfb12f5e368f908801d7b

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2024-49985
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/i2c/busses/i2c-stm32f7.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/d6f1250a4d5773f447740b9fe37b8692105796d4
 	https://git.kernel.org/stable/c/9b8bc33ad64192f54142396470cc34ce539a8940
 	https://git.kernel.org/stable/c/1883cad2cc629ded4a3556c0bbb8b42533ad8764
 	https://git.kernel.org/stable/c/c2024b1a583ab9176c797ea1e5f57baf8d5e2682
 	https://git.kernel.org/stable/c/22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba
 	https://git.kernel.org/stable/c/fac3c9f7784e8184c0338e9f0877b81e55d3ef1c
 	https://git.kernel.org/stable/c/894cd5f5fd9061983445bbd1fa3d81be43095344
 	https://git.kernel.org/stable/c/048bbbdbf85e5e00258dfb12f5e368f908801d7b
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2024-49985: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

	In case there is any sort of clock controller attached to this I2C bus
	controller, for example Versaclock or even an AIC32x4 I2C codec, then
	an I2C transfer triggered from the clock controller clk_ops .prepare
	callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.

	This is because the clock controller first grabs the prepare_lock mutex
	and then performs the prepare operation, including its I2C access. The
	I2C access resumes this I2C bus controller via .runtime_resume callback,
	which calls clk_prepare_enable(), which attempts to grab the prepare_lock
	mutex again and deadlocks.

	Since the clock are already prepared since probe() and unprepared in
	remove(), use simple clk_enable()/clk_disable() calls to enable and
	disable the clock on runtime suspend and resume, to avoid hitting the
	prepare_lock mutex.

	The Linux kernel CVE team has assigned CVE-2024-49985 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 5.4.285 with commit d6f1250a4d5773f447740b9fe37b8692105796d4
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 5.10.227 with commit 9b8bc33ad64192f54142396470cc34ce539a8940
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 5.15.168 with commit 1883cad2cc629ded4a3556c0bbb8b42533ad8764
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.1.113 with commit c2024b1a583ab9176c797ea1e5f57baf8d5e2682
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.6.55 with commit 22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.10.14 with commit fac3c9f7784e8184c0338e9f0877b81e55d3ef1c
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.11.3 with commit 894cd5f5fd9061983445bbd1fa3d81be43095344
	Issue introduced in 5.0 with commit 4e7bca6fc07bf9526d797b9787dcb21e40cd10cf and fixed in 6.12 with commit 048bbbdbf85e5e00258dfb12f5e368f908801d7b

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2024-49985
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/i2c/busses/i2c-stm32f7.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/d6f1250a4d5773f447740b9fe37b8692105796d4
	https://git.kernel.org/stable/c/9b8bc33ad64192f54142396470cc34ce539a8940
	https://git.kernel.org/stable/c/1883cad2cc629ded4a3556c0bbb8b42533ad8764
	https://git.kernel.org/stable/c/c2024b1a583ab9176c797ea1e5f57baf8d5e2682
	https://git.kernel.org/stable/c/22a1f8a5b56ba93d3e8b7a1dafa24e01c8bb48ba
	https://git.kernel.org/stable/c/fac3c9f7784e8184c0338e9f0877b81e55d3ef1c
	https://git.kernel.org/stable/c/894cd5f5fd9061983445bbd1fa3d81be43095344
	https://git.kernel.org/stable/c/048bbbdbf85e5e00258dfb12f5e368f908801d7b