CVE-2024-44952

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to a potential deadlock in the Linux kernel's driver core, specifically in the uevent show() function. This function wants to de-reference dev->driver->name, but there is no clean way to do so unless the attribute is defined via (struct device driver).dev groups. The anti-pattern of taking the device lock() in the attribute handler risks deadlocks with code paths that remove device attributes while holding the lock. This deadlock is typically invisible to lockdep given the device lock() is marked lockdep set novalidate class(), but some subsystems allocate a local lockdep key for @dev->mutex to reveal reports of the form: WARNING: possible circular locking dependency detected. The observation is that driver objects are typically much longer lived than device objects, making it reasonable to perform lockless de-reference of a @driver pointer even if it is racing detach from a device. Given the infrequency of driver unregistration, synchronize rcu() is used in module remove driver() to close any potential races.

Recommendations To resolve this issue, update the Linux kernel to version 6.6.50 or later. If updating is not possible, consider applying the patch that fixes the uevent show() vs driver detach race condition. As a temporary workaround, consider disabling the uevent show() function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation. At the moment, there is no information about other versions that contain a fix for this vulnerability.