PT-2025-3334 · Linux+7 · Linux Kernel+7
Published: 2024-09-29 · Updated: 2026-03-14
CVE-2024-56787
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
A vulnerability in the Linux kernel has been resolved, related to the SoC driver on i.MX8M Plus hardware. The issue occurs when the driver_async_probe parameter is set to * on the kernel command line, causing the soc-imx8m.c driver to call of_clk_get_by_name(), which returns -EPROBE_DEFER because the clock driver is not yet probed. This was not detected during regular testing without driver_async_probe. The SoC code has been converted to a platform driver, and a platform device is instantiated in its current device_initcall() to probe the platform driver. The .soc_revision callback has been reworked to always return a valid error code and return the SoC revision via a parameter.
Recommendations
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider disabling the imx8mm_soc_revision() function until a patch is available. Restrict access to the vulnerable soc-imx8m.c driver to minimize the risk of exploitation. Avoid using the driver_async_probe parameter until the issue is resolved.
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu