CVE-2024-53070 - Fixing Vulnerability in Linux Kernel: usb: dwc3: Crash During System Suspend if Device was Already Runtime Suspended

CVE-2024-53070 covers a vulnerability found in the Linux kernel. This vulnerability involves the USB driver DWC3 (DesignWare Cores SuperSpeed USB 3.) and may lead to a system crash. If a device is already runtime suspended and there is a system suspend, attempts to access the device registers could result in a system crash. To resolve this issue, we'll explore how the DWC3 driver handles suspend and resume operations, and provide a code snippet to fix the issue.

Vulnerability Details

When the Linux kernel suspends a device, it undergoes several stages, and it may be necessary to access the device registers during some of these stages. In the case of the DWC3 driver, the issue occurs when the system is suspending and the device is already runtime suspended.

If an attempt is made to access the device registers during the system suspend, the system will crash. Furthermore, on some platforms, registers cannot be accessed after the dwc3_core_exit() function has been called. This creates a problem when the dwc3_enable_susphy() function is called later in the process.

You can find the original issue description and patch submission on the Linux Kernel Mailing List archive: [PATCH] usb: dwc3: fix fault at system suspend if device was already runtime suspended (https://lkml.org/lkml/2024/2/8/274)

Code Snippet to Fix the Issue

To fix this vulnerability, it is necessary to move the dwc3_enable_susphy() call to the top before calling dwc3_core_exit(). This ensures that the function call can access the necessary registers without resulting in a crash.

Here's a code snippet that demonstrates the changes

/* file: drivers/usb/dwc3/core.c */
static int dwc3_runtime_suspend(struct device *dev)
{
      struct dwc3 *dwc = dev->data;
      /* Move the dwc3_enable_susphy() call to the top */
      dwc3_enable_susphy();
      /* ... other code ... */
      dwc3_core_exit(dwc);
      return ;
}

By moving the dwc3_enable_susphy() call before the dwc3_core_exit() function, we ensure that the required registers can be accessed safely, preventing a system crash.

Conclusion

CVE-2024-53070 demonstrates a vulnerability in the Linux kernel, specifically within the DWC3 USB driver. This issue can lead to a system crash when attempting to suspend a device. The provided code snippet ensures that the necessary device register access functions are called in a safe manner, mitigating the risk of system crashes.

By keeping software up-to-date and applying the latest patches, users can protect themselves against system crashes and other vulnerabilities.

Timeline

Published on: 11/19/2024 18:15:26 UTC
Last modified on: 12/19/2024 09:38:25 UTC