PT-2024-7830 · Linux+6 · Linux Kernel+6
Douglas Anderson · Published 2024-04-07 · Updated 2025-09-29 · CVE-2024-27004
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.37
Description
The vulnerability is a classic ABBA deadlock in the Linux kernel's clk component. It occurs when one thread is walking the clk tree and calling clk_pm_runtime_get() to power on the devices required to read the clk hardware while another thread is runtime PM resuming the same device. The root cause is that the clk prepare lock is held while trying to runtime PM resume or suspend a device. This can lead to a denial-of-service (DoS) condition.
Recommendations
To resolve the issue, update the Linux kernel to version 6.6.37 or later, which includes the fix for the deadlock. If updating the kernel is not possible, consider disabling the clk_pm_runtime_get() function or restricting access to the vulnerable module as a temporary workaround. However, these workarounds may have unintended consequences and should be thoroughly tested before implementation.
At the moment, there is no information about other newer versions that contain a fix for this vulnerability.
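The lock ordering in the Description, modelled as an added example (not kernel code and not the upstream fix): it records which lock each path takes while holding another and reports an ABBA inversion. The lock names, the assumption that the resuming thread needs the clk prepare lock, and the "consistent" ordering are illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not kernel code. Lock names follow the advisory text. */
enum { PREPARE_LOCK, DEV_RUNTIME_PM, NLOCKS };
static int order[NLOCKS][NLOCKS]; /* order[a][b]: b was taken while holding a */

/* Record one code path: locks listed in acquisition order, all held to the end. */
static void record_path(const int *locks, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            order[locks[i]][locks[j]] = 1;
}

/* Record two paths in a fresh table; return 1 if any pair was taken in both orders. */
static int check(const int *p1, const int *p2)
{
    memset(order, 0, sizeof order);
    record_path(p1, 2);
    record_path(p2, 2);
    for (int a = 0; a < NLOCKS; a++)
        for (int b = a + 1; b < NLOCKS; b++)
            if (order[a][b] && order[b][a])
                return 1;
    return 0;
}

/* Described ordering: the tree walker holds the prepare lock, then resumes the
 * device; the resuming thread is assumed to need the prepare lock mid-resume. */
int described_order_has_abba(void)
{
    const int walker[] = { PREPARE_LOCK, DEV_RUNTIME_PM };
    const int resume[] = { DEV_RUNTIME_PM, PREPARE_LOCK };
    return check(walker, resume);
}

/* Hypothetical consistent ordering: the walker powers the device first. */
int consistent_order_has_abba(void)
{
    const int walker[] = { DEV_RUNTIME_PM, PREPARE_LOCK };
    const int resume[] = { DEV_RUNTIME_PM, PREPARE_LOCK };
    return check(walker, resume);
}

int main(void)
{
    printf("described=%d consistent=%d\n", described_order_has_abba(), consistent_order_has_abba());
    return 0;
}
```

A result of 1 means the two paths can each hold one lock while waiting for the other, which is the hang the advisory rates as a DoS.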
Exploit
Fix
Improper Locking
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Suse
Ubuntu