AZL-48811

See a problem?
Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-48811.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-48811
Upstream
Published
2024-08-08T09:15:08Z
Modified
2026-04-01T05:16:06.488078Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
CVE-2024-42253 affecting package kernel 5.15.200.1-1
Details

In the Linux kernel, the following vulnerability has been resolved:

gpio: pca953x: fix pca953xirqbussyncunlock race

Ensure that `i2clock' is held when setting interrupt latch and mask in pca953xirqbussync_unlock() in order to avoid races.

The other (non-probe) call site pca953xgpiosetmultiple() ensures the lock is held before calling pca953xwrite_regs().

The problem occurred when a request raced against irqbussync_unlock() approximately once per thousand reboots on an i.MX8MP based system.

  • Normal case

    0-0022: write register AI|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|12 {fc,00,00,00,00} Config P3

  • Race case

    0-0022: write register AI|08 {ff,00,00,00,00} Output P3 0-0022: write register AI|08 {03,02,00,00,01} *** Wrong register *** 0-0022: write register AI|12 {fc,00,00,00,00} Config P3 0-0022: write register AI|49 {fc,fd,ff,ff,fe} Interrupt mask P0

References

Affected packages

Azure Linux:2 / kernel

Package

Name
kernel
Purl
pkg:rpm/azure-linux/kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
5.15.200.1-1

Database specific

source 
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-48811.json"