Executive Summary

Informations
Name CVE-2024-45029 First vendor Publication 2024-09-11
Vendor Cve Last vendor Modification 2024-09-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 5.5
Base Score 5.5 Environmental Score 5.5
impact SubScore 3.6 Temporal Score 5.5
Exploitabality Sub Score 1.8
 
Attack Vector Local Attack Complexity Low
Privileges Required Low User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

In the Linux kernel, the following vulnerability has been resolved:

i2c: tegra: Do not mark ACPI devices as irq safe

On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug:

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
...

Call trace:
__might_sleep
__mutex_lock_common
mutex_lock_nested
acpi_subsys_runtime_resume
rpm_resume
tegra_i2c_xfer

The problem arises because during __pm_runtime_resume(), the spinlock &dev->power.lock is acquired before rpm_resume() is called. Later, rpm_resume() invokes acpi_subsys_runtime_resume(), which relies on mutexes, triggering the error.

To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpi_subsys_runtime_resume() on mutexes.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45029

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-667 Insufficient Locking

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Os 3602

Sources (Detail)

https://git.kernel.org/stable/c/14d069d92951a3e150c0a81f2ca3b93e54da913b
https://git.kernel.org/stable/c/2853e1376d8161b04c9ff18ba82b43f08a049905
https://git.kernel.org/stable/c/6861faf4232e4b78878f2de1ed3ee324ddae2287
https://git.kernel.org/stable/c/a89aef1e6cc43fa019a58080ed05c839e6c77876
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
Date Informations
2024-10-03 02:53:37
  • Multiple Updates
2024-10-02 02:52:01
  • Multiple Updates
2024-09-14 21:29:45
  • Multiple Updates
2024-09-13 21:27:45
  • Multiple Updates
2024-09-11 21:27:24
  • First insertion