CVE-2024-26806
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-26806
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26806.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26806
- Downstream
- Published
- 2024-04-04T09:15:09Z
- Modified
- 2025-08-09T19:01:29Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
The ->runtimesuspend() and ->runtimeresume() callbacks are not expected to call spicontrollersuspend() and spicontrollerresume(). Remove calls to those in the cadence-qspi driver.
Those helpers have two roles currently: - They stop/start the queue, including dealing with the kworker. - They toggle the SPI controller SPICONTROLLERSUSPENDED flag. It requires acquiring ctlr->buslockmutex.
Step one is irrelevant because cadence-qspi is not queued. Step two however has two implications: - A deadlock occurs, because ->runtimeresume() is called in a context where the lock is already taken (in the ->execop() callback, where the usage count is incremented). - It would disallow all operations once the device is auto-suspended.
Here is a brief call tree highlighting the mutex deadlock:
spimemexecop() ... spimemaccessstart() mutexlock(&ctlr->buslock_mutex)
cqspi_exec_mem_op() pm_runtime_resume_and_get() cqspi_resume() spi_controller_resume() mutex_lock(&ctlr->bus_lock_mutex) ... spi_mem_access_end() mutex_unlock(&ctlr->bus_lock_mutex) ... - References