AZL-49212

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49212.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-49212

Upstream

CVE-2024-45029

Published

2024-09-11T16:15:07Z

Modified

2026-04-01T05:17:20.064069Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2024-45029 affecting package kernel for versions less than 6.6.51.1-1

Details

In the Linux kernel, the following vulnerability has been resolved:

i2c: tegra: Do not mark ACPI devices as irq safe

On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug:

BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
...

Call trace:
__might_sleep
__mutex_lock_common
mutex_lock_nested
acpi_subsys_runtime_resume
rpm_resume
tegra_i2c_xfer

The problem arises because during _pmruntimeresume(), the spinlock &dev->power.lock is acquired before rpmresume() is called. Later, rpmresume() invokes acpisubsysruntimeresume(), which relies on mutexes, triggering the error.

To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpisubsysruntime_resume() on mutexes.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-45029

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.51.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-49212.json"