CVE-2024-43098: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
First published: Sat Jan 11 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the i3c_master_register() acquires &i3cbus->lock twice. See the log below. Use i3cdev->desc->info instead of calling i3c_device_info() to avoid acquiring the lock twice. v2: - Modified the title and commit message ============================================ WARNING: possible recursive locking detected 6.11.0-mainline -------------------------------------------- init/1 is trying to acquire lock: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_bus_normaluse_lock but task is already holding lock: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&i3cbus->lock); lock(&i3cbus->lock); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by init/1: #0: fcffff809b6798f8 (&dev->mutex){....}-{3:3}, at: __driver_attach #1: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register stack backtrace: CPU: 6 UID: 0 PID: 1 Comm: init Call trace: dump_backtrace+0xfc/0x17c show_stack+0x18/0x28 dump_stack_lvl+0x40/0xc0 dump_stack+0x18/0x24 print_deadlock_bug+0x388/0x390 __lock_acquire+0x18bc/0x32ec lock_acquire+0x134/0x2b0 down_read+0x50/0x19c i3c_bus_normaluse_lock+0x14/0x24 i3c_device_get_info+0x24/0x58 i3c_device_uevent+0x34/0xa4 dev_uevent+0x310/0x384 kobject_uevent_env+0x244/0x414 kobject_uevent+0x14/0x20 device_add+0x278/0x460 device_register+0x20/0x34 i3c_master_register_new_i3c_devs+0x78/0x154 i3c_master_register+0x6a0/0x6d4 mtk_i3c_master_probe+0x3b8/0x4d8 platform_probe+0xa0/0xe0 really_probe+0x114/0x454 __driver_probe_device+0xa0/0x15c driver_probe_device+0x3c/0x1ac __driver_attach+0xc4/0x1f0 bus_for_each_dev+0x104/0x160 driver_attach+0x24/0x34 bus_add_driver+0x14c/0x294 driver_register+0x68/0x104 __platform_driver_register+0x20/0x30 init_module+0x20/0xfe4 do_one_initcall+0x184/0x464 do_init_module+0x58/0x1ec load_module+0xefc/0x10c8 __arm64_sys_finit_module+0x238/0x33c invoke_syscall+0x58/0x10c el0_svc_common+0xa8/0xdc do_el0_svc+0x1c/0x28 el0_svc+0x50/0xac el0t_64_sync_handler+0x70/0xbc el0t_64_sync+0x1a8/0x1ac
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | >=5.0<5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.66 | |
| Linux Kernel | >=6.7<6.12.5 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.133-1 6.12.22-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/9a2173660ee53d5699744f02e6ab7bf89fcd0b1a
- https://git.kernel.org/stable/c/5ac1dd51aaa0ce8b5421d1137e857955a4b6f55e
- https://git.kernel.org/stable/c/2d98fa2a50b8058de52ada168fa5dbabb574711b
- https://git.kernel.org/stable/c/816187b1833908941286e71b0041059a4acd52ed
- https://git.kernel.org/stable/c/ffe19e363c6f8b992ba835a361542568dea17409
- https://git.kernel.org/stable/c/1f51ae217d09c361ede900b94735a6d2df6c0344
- https://git.kernel.org/stable/c/6cf7b65f7029914dc0cd7db86fac9ee5159008c6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43098
- https://nvd.nist.gov/vuln/detail/CVE-2024-43098
- https://launchpad.net/bugs/cve/CVE-2024-43098
- https://security-tracker.debian.org/tracker/CVE-2024-43098
- https://ubuntu.com/security/CVE-2024-43098
- https://git.kernel.org/linus/6cf7b65f7029914dc0cd7db86fac9ee5159008c6
Frequently Asked Questions
What is the severity of CVE-2024-43098?
CVE-2024-43098 has been classified with a severity level that indicates a potential deadlock issue in Linux kernel operations.
How does CVE-2024-43098 affect the Linux kernel?
CVE-2024-43098 can cause a deadlock scenario due to the i3c_master_register function acquiring a lock multiple times.
How can I fix CVE-2024-43098?
To resolve CVE-2024-43098, update the Linux kernel to the latest version where this vulnerability has been addressed.
Which versions of the Linux kernel are affected by CVE-2024-43098?
CVE-2024-43098 affects various versions of the Linux kernel including those between 5.0 to 5.4.287, 5.5 to 5.10.231, and numerous others up to 6.12.5.
Is there a workaround for CVE-2024-43098?
There are no publicly documented workarounds for CVE-2024-43098, and applying updates is the recommended approach.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/source
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.0
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- package-manager/debian