CVE-2024-27002 — Improper Locking in Linux
Severity
5.5MEDIUMNVD
OSV6.8
EPSS
0.0%
top 96.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 1
Latest updateJul 26
Description
In the Linux kernel, the following vulnerability has been resolved:
clk: mediatek: Do a runtime PM get on controllers during probe
mt8183-mfgcfg has a mutual dependency with genpd during the probing
stage, which leads to a deadlock in the following call stack:
CPU0: genpd_lock --> clk_prepare_lock
genpd_power_off_work_fn()
genpd_lock()
generic_pm_domain::power_off()
clk_unprepare()
clk_prepare_lock()
CPU1: clk_prepare_lock --> genpd_lock
clk_register()
__clk_core_init()
clk_prepare_lock()
cl…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages15 packages
▶CVEListV5linux/linuxacddfc2c261b3653ab1c1b567a427299bac20d31 — 165d226472575b213dd90dfda19d1605dd7c19a8+4
Patches
🔴Vulnerability Details
6OSV▶
linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities↗2024-07-11
OSV▶
CVE-2024-27002: In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a↗2024-05-01
📋Vendor Advisories
7💬Community
1Bugzilla
▶