CVE-2024-56618

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56618
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56618.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56618
Downstream
Related
Published
2024-12-27T14:51:22.592Z
Modified
2025-11-20T07:01:18.232061Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
pmdomain: imx: gpcv2: Adjust delay after power up handshake
Details

In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx: gpcv2: Adjust delay after power up handshake

The udelay(5) is not enough, sometimes below kernel panic still be triggered:

[ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt [ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1 [ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT) [ 4.012985] Call trace: [...] [ 4.013029] arm64serrorpanic+0x64/0x70 [ 4.013034] doserror+0x3c/0x70 [ 4.013039] el1h64errorhandler+0x30/0x54 [ 4.013046] el1h64error+0x64/0x68 [ 4.013050] clkimx8mpaudiomixruntimeresume+0x38/0x48 [ 4.013059] _genpdruntimeresume+0x30/0x80 [ 4.013066] genpdruntimeresume+0x114/0x29c [ 4.013073] _rpmcallback+0x48/0x1e0 [ 4.013079] rpmcallback+0x68/0x80 [ 4.013084] rpmresume+0x3bc/0x6a0 [ 4.013089] _pmruntimeresume+0x50/0x9c [ 4.013095] pmruntimegetsuppliers+0x60/0x8c [ 4.013101] _driverprobedevice+0x4c/0x14c [ 4.013108] driverprobedevice+0x3c/0x120 [ 4.013114] _driverattach+0xc4/0x200 [ 4.013119] busforeachdev+0x7c/0xe0 [ 4.013125] driverattach+0x24/0x30 [ 4.013130] busadddriver+0x110/0x240 [ 4.013135] driverregister+0x68/0x124 [ 4.013142] _platformdriverregister+0x24/0x30 [ 4.013149] sdmadriverinit+0x20/0x1000 [imxsdma] [ 4.013163] dooneinitcall+0x60/0x1e0 [ 4.013168] doinitmodule+0x5c/0x21c [ 4.013175] loadmodule+0x1a98/0x205c [ 4.013181] initmodulefromfile+0x88/0xd4 [ 4.013187] _arm64sysfinitmodule+0x258/0x350 [ 4.013194] invokesyscall.constprop.0+0x50/0xe0 [ 4.013202] doel0svc+0xa8/0xe0 [ 4.013208] el0svc+0x3c/0x140 [ 4.013215] el0t64synchandler+0x120/0x12c [ 4.013222] el0t64sync+0x190/0x194 [ 4.013228] SMP: stopping secondary CPUs

The correct way is to wait handshake, but it needs BUS clock of BLK-CTL be enabled, which is in separate driver. So delay is the only option here. The udelay(10) is a data got by experiment.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e8dc41afca161b988e6d462f4d0803d247e22250
Fixed
a63907c8c712414643b597debcd09d16b6827b23
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e8dc41afca161b988e6d462f4d0803d247e22250
Fixed
2379fb937de5333991c567eefd7d11b98977d059

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.2
v6.12.3
v6.12.4
v6.13-rc1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "target": {
            "file": "drivers/pmdomain/imx/gpcv2.c",
            "function": "imx_pgc_power_up"
        },
        "digest": {
            "function_hash": "150175196885812431374304406778324424889",
            "length": 1580.0
        },
        "id": "CVE-2024-56618-727e1a53",
        "signature_type": "Function",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a63907c8c712414643b597debcd09d16b6827b23",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "target": {
            "file": "drivers/pmdomain/imx/gpcv2.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "65424118244933780206246944835893938573",
                "2714380930867188909374067217201338957",
                "282626661708916914061587356215593171768",
                "116131662759402174996328491011092903002"
            ]
        },
        "id": "CVE-2024-56618-9f3b3f89",
        "signature_type": "Line",
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a63907c8c712414643b597debcd09d16b6827b23",
        "signature_version": "v1"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.10.0
Fixed
6.12.5