In the Linux kernel, the following vulnerability has been resolved:
gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
Ensure that `i2c_lock' is held when setting interrupt latch and mask in
pca953x_irq_bus_sync_unlock() in order to avoid races.
The other (non-probe) call site pca953x_gpio_set_multiple() ensures the
lock is held before calling pca953x_write_regs().
The problem occurred when a request raced against irq_bus_sync_unlock()
approximately once per thousand reboots on an i.MX8MP based system.
* Normal case
0-0022: write register AI|3a {03,02,00,00,01} Input latch P0
0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0
0-0022: write register AI|08 {ff,00,00,00,00} Output P3
0-0022: write register AI|12 {fc,00,00,00,00} Config P3
* Race case
0-0022: write register AI|08 {ff,00,00,00,00} Output P3
0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register ***
0-0022: write register AI|12 {fc,00,00,00,00} Config P3
0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0
References
Configurations
Configuration 1 (hide)
|
History
06 Sep 2024, 13:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 - Patch | |
References | () https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904 - Patch | |
References | () https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41 - Patch | |
References | () https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2 - Patch | |
CPE | cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:* |
|
CWE | CWE-667 | |
First Time |
Linux linux Kernel
Linux |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.7 |
08 Aug 2024, 13:04
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Aug 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-08 09:15
Updated : 2024-09-06 13:38
NVD link : CVE-2024-42253
Mitre link : CVE-2024-42253
CVE.ORG link : CVE-2024-42253
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-667
Improper Locking