CVE-2023-54259

Summary

In the Linux kernel, the following vulnerability has been resolved:

soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow

This reverts commit 443a98e649b4 ("soundwire: bus: use pm_runtime_resume_and_get()")

Change calls to pm_runtime_resume_and_get() back to pm_runtime_get_sync(). This fixes a usage count underrun caused by doing a pm_runtime_put() even though pm_runtime_resume_and_get() returned an error.

The three affected functions ignore -EACCES error from trying to get pm_runtime, and carry on, including a put at the end of the function. But pm_runtime_resume_and_get() does not increment the usage count if it returns an error. So in the -EACCES case you must not call pm_runtime_put().

The documentation for pm_runtime_get_sync() says: "Consider using pm_runtime_resume_and_get() … as this is likely to result in cleaner code."

In this case I don't think it results in cleaner code because the pm_runtime_put() at the end of the function would have to be conditional on the return value from pm_runtime_resume_and_get() at the top of the function.

pm_runtime_get_sync() doesn't have this problem because it always increments the count, so always needs a put. The code can just flow through and do the pm_runtime_put() unconditionally.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux443a98e649b469b4e6a2832799853a5764ef9002 < 4e5e9da139c007dfc397a159093b4c4187ee67faaffected
LinuxLinux443a98e649b469b4e6a2832799853a5764ef9002 < 203aa4374c433159f163acde2d0bd4118f23bbafaffected
LinuxLinux443a98e649b469b4e6a2832799853a5764ef9002 < e9537962519e88969f5f69cd0571eb4f6984403caffected
LinuxLinux5.19affected
LinuxLinux0 < 5.19unaffected
LinuxLinux6.1.30 <= 6.1.*unaffected
LinuxLinux6.3.4 <= 6.3.*unaffected
LinuxLinux6.4 <= *unaffected

Weaknesses

References