CWE-667

CVE-2024-49985: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

First published: Mon Oct 21 2024

In the Linux kernel, the following vulnerability has been resolved:

i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.

This is because the clock controller first grabs the prepare_lock mutex and then performs the prepare operation, including its I2C access. The I2C access resumes this I2C bus controller via .runtime_resume callback, which calls clk_prepare_enable(), which attempts to grab the prepare_lock mutex again and deadlocks.

Since the clock is already prepared since probe() and unprepared in remove(), use simple clk_enable()/clk_disable() calls to enable and disable the clock on runtime suspend and resume, to avoid hitting the prepare_lock mutex.

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected Software    Affected Version              How to fix
Linux Kernel         >=5.0 <5.10.227
Linux Kernel         >=5.11 <5.15.168
Linux Kernel         >=5.16 <6.1.113
Linux Kernel         >=6.2 <6.6.55
Linux Kernel         >=6.7 <6.10.14
Linux Kernel         >=6.11 <6.11.3
Linux Kernel         =6.12-rc1
debian/linux         <=5.10.223-1, <=5.10.226-1    6.1.123-1, 6.1.128-1, 6.12.12-1, 6.12.15-1
debian/linux-6.1                                   6.1.119-1~deb11u1
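
To check an upstream kernel version against the "Linux Kernel" ranges listed above, the following added example (not part of the advisory) parses the version, including -rcN suffixes, and tests it against each range. The function and constant names are illustrative, and the sample inputs are constructed.

```python
import re

# Upstream "Linux Kernel" rows from the advisory: (first affected, first fixed).
AFFECTED_RANGES = [
    ("5.0", "5.10.227"),
    ("5.11", "5.15.168"),
    ("5.16", "6.1.113"),
    ("6.2", "6.6.55"),
    ("6.7", "6.10.14"),
    ("6.11", "6.11.3"),
]
AFFECTED_EXACT = ["6.12-rc1"]  # listed as a single version, not a range

FINAL = 10**6  # rank for a final release, so that any -rcN sorts before it


def parse_release(release):
    """Map '6.1.112', '6.12-rc1' or '6.12.0-rc1-custom' to a sortable tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release.strip())
    if not m:
        raise ValueError(f"not a kernel version: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)


def is_affected(release):
    """True if an upstream kernel version falls in a range the advisory lists."""
    v = parse_release(release)
    if any(v == parse_release(exact) for exact in AFFECTED_EXACT):
        return True
    return any(parse_release(lo) <= v < parse_release(hi)
               for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for sample in ["5.10.226", "5.10.227", "6.1.112-rt41", "6.12.0-rc1", "6.12"]:
        print(f"{sample:14} affected={is_affected(sample)}")
```

Distribution kernels backport fixes without changing the upstream base version, so for Debian compare the installed package version against the debian/linux rows instead of using this check.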


Frequently Asked Questions

  • What is the severity of CVE-2024-49985?

    The severity of CVE-2024-49985 has not been explicitly classified, but it pertains to a vulnerability in the Linux kernel related to I2C bus controllers.

  • How do I fix CVE-2024-49985?

    To fix CVE-2024-49985, update to a patched version of the Linux kernel, such as 6.1.123-1 or other specified remedies in the vulnerability report.

  • Which Linux kernel versions are affected by CVE-2024-49985?

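    CVE-2024-49985 affects Linux kernel versions between 5.0 and 6.12-rc1, specifically the ranges 5.0 up to 5.10.227, 5.11 up to 5.15.168, 5.16 up to 6.1.113, 6.2 up to 6.6.55, 6.7 up to 6.10.14 and 6.11 up to 6.11.3 (upper bounds excluded), plus 6.12-rc1.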

  • Is CVE-2024-49985 related to clock controllers?

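    Yes. CVE-2024-49985 involves a clock controller attached to the affected I2C bus controller: an I2C transfer triggered from the clock controller's clk_ops .prepare callback may deadlock on the prepare_lock mutex when the I2C controller's .runtime_resume callback calls clk_prepare_enable().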

  • What could be a potential impact of CVE-2024-49985?

    Potential impacts of CVE-2024-49985 include a deadlock on the clock framework's prepare_lock mutex, leading to system instability or unexpected behavior in devices utilizing I2C bus communication during runtime suspend/resume.
