CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D
First published: Fri Nov 08 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D For i.MX7D DRAM related mux clock, the clock source change should ONLY be done done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag should NOT be added, otherwise, DRAM's clock parent will be disabled when DRAM is active, and system will hang.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | <5.10.227 | |
| Linux Kernel | >=5.11<5.15.168 | |
| Linux Kernel | >=5.16<6.1.113 | |
| Linux Kernel | >=6.2<6.6.57 | |
| Linux Kernel | >=6.7<6.11.4 | |
| debian/linux | <=5.10.223-1<=5.10.226-1 | 6.1.123-1 6.1.128-1 6.12.12-1 6.12.13-1 |
| debian/linux-6.1 | 6.1.119-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/11ceb17e6f07cc30410f3a6276cddda248a9b863
- https://git.kernel.org/stable/c/339273a9ddfe7632b717c2e13e81cbd5d383e1ff
- https://git.kernel.org/stable/c/94f6cdc837e38371324cee97dfd2ef1a99a82c98
- https://git.kernel.org/stable/c/a54c441b46a0745683c2eef5a359d22856d27323
- https://git.kernel.org/stable/c/b677b94a9193ec7b6607bd1255172ae59174a382
- https://git.kernel.org/stable/c/d18dc8e14b9c794f58dae1577ccb2ab84a4a1b11
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50181
- https://nvd.nist.gov/vuln/detail/CVE-2024-50181
- https://launchpad.net/bugs/cve/CVE-2024-50181
- https://security-tracker.debian.org/tracker/CVE-2024-50181
- https://ubuntu.com/security/CVE-2024-50181
- https://git.kernel.org/linus/a54c441b46a0745683c2eef5a359d22856d27323
Frequently Asked Questions
What is the severity of CVE-2024-50181?
CVE-2024-50181 has a medium severity rating due to potential risks associated with improper clock source changes in the Linux kernel.
What versions of the Linux kernel are affected by CVE-2024-50181?
CVE-2024-50181 affects versions of the Linux kernel up to 5.10.227 and between 5.11 and 6.6.57.
How do I fix CVE-2024-50181?
To fix CVE-2024-50181, upgrade to version 6.1.123-1, 6.1.119-1, 6.12.10-1, or 6.12.11-1 of the Linux package.
What is the nature of the vulnerability described in CVE-2024-50181?
CVE-2024-50181 involves improper handling of clock source changes for the i.MX7D DRAM related mux clock in the Linux kernel.
Is there a workaround for CVE-2024-50181?
Currently, there is no documented workaround for CVE-2024-50181, and it is recommended to apply the available patches.
- agent/title
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/references
- agent/author
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/source
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- package-manager/debian