AZL-42271

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42271.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-42271

Upstream

CVE-2024-35997

Published

2024-05-20T10:15:13Z

Modified

2026-04-01T05:14:43.837103Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-35997 affecting package kernel for versions less than 5.15.158.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

HID: i2c-hid: remove I2CHIDREAD_PENDING flag to prevent lock-up

The flag I2CHIDREAD_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking for that.

More importantly, this flag can cause a lock-up: if the flag is set in i2chidxfer() and an interrupt happens, the interrupt handler (i2chidirq) will check this flag and return immediately without doing anything, then the interrupt handler will be invoked again in an infinite loop.

Since interrupt handler is an RT task, it takes over the CPU and the flag-clearing task never gets scheduled, thus we have a lock-up.

Delete this unnecessary flag.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-35997

Affected packages

Azure Linux:2 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.15.158.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42271.json"