CVE-2024-56625

Summary

In the Linux kernel, the following vulnerability has been resolved:

can: dev: can_set_termination(): allow sleeping GPIOs

In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added.

For no particular reason that patch uses gpiod_set_value() to set the GPIO. This leads to the following warning, if the systems uses a sleeping GPIO, i.e. behind an I2C port expander:

| WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c | CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c

Replace gpiod_set_value() by gpiod_set_value_cansleep() to allow the use of sleeping GPIOs.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux6e86a1543c378f2e8837ad88f361b7bf606c80f7 < faa0a1975a6fbce30616775216606eb8d6388ea1affected
LinuxLinux6e86a1543c378f2e8837ad88f361b7bf606c80f7 < 46637a608fb1ee871a0ad8bf70d917d5d95ac251affected
LinuxLinux6e86a1543c378f2e8837ad88f361b7bf606c80f7 < 1ac442f25c19953d2f33b92549628b0aeac83db6affected
LinuxLinux6e86a1543c378f2e8837ad88f361b7bf606c80f7 < 3b0c5bb437d31a9864f633b85cbc42d2f6c51c96affected
LinuxLinux6e86a1543c378f2e8837ad88f361b7bf606c80f7 < ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5affected
LinuxLinux5.15affected
LinuxLinux0 < 5.15unaffected
LinuxLinux5.15.174 <= 5.15.*unaffected
LinuxLinux6.1.120 <= 6.1.*unaffected
LinuxLinux6.6.66 <= 6.6.*unaffected
LinuxLinux6.12.5 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References