CVE-2024-42253

Summary

In the Linux kernel, the following vulnerability has been resolved:

gpio: pca953x: fix pca953x_irq_bus_sync_unlock race

Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races.

The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs().

The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system.

  • Normal case

    0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3

  • Race case

    0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0

Affected Software

VendorProductVersion RangeStatus
LinuxLinux44896beae605b93f2232301befccb7ef42953198 < 58a5c93bd1a6e949267400080f07e57ffe05ec34affected
LinuxLinux44896beae605b93f2232301befccb7ef42953198 < e2ecdddca80dd845df42376e4b0197fe97018ba2affected
LinuxLinux44896beae605b93f2232301befccb7ef42953198 < de7cffa53149c7b48bd1bb29b02390c9f05b7f41affected
LinuxLinux44896beae605b93f2232301befccb7ef42953198 < bfc6444b57dc7186b6acc964705d7516cbaf3904affected
LinuxLinux4.7affected
LinuxLinux0 < 4.7unaffected
LinuxLinux6.1.101 <= 6.1.*unaffected
LinuxLinux6.6.42 <= 6.6.*unaffected
LinuxLinux6.9.11 <= 6.9.*unaffected
LinuxLinux6.10 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References