A critical vulnerability (CVE-2024-53152) in the Linux kernel has been discovered and resolved. It affects the endpoint Systems-on-Chips (SoCs) of Linux-powered devices and exists because of an incorrect function execution sequence in the PCIe Tegra194 driver: controller cleanups run while the host is asserting the PERST# signal, which can crash the endpoint. To prevent such crashes, developers should ensure that the cleanups occur at the start of the pex_ep_event_pex_rst_deassert() function, when the refclk is known to be active.

Exploit Details

The issue arises in the PCI: tegra194 driver, specifically in how the dw_pcie_ep_cleanup() and pci_epc_deinit_notify() functions are called from pex_ep_event_pex_rst_assert(). The cleanups are therefore initiated when the host asserts the PERST# signal. Because the host disables the refclk shortly after asserting PERST#, the cleanup can run without a reference clock, which crashes the endpoint SoC.

The code snippet below demonstrates the incorrect function sequence in the PCIe Tegra194 driver (the argument types are those of the kernel driver; the bodies are reduced to the two calls that matter):

// Called from the PERST# assert handler (original, vulnerable ordering).
// The host disables refclk shortly after asserting PERST#, so the controller
// register accesses made by these cleanups can hit a clock-less controller.
static void pex_ep_event_pex_rst_assert(struct tegra_pcie_dw *pcie)
{
    // Tear down the DesignWare endpoint controller state
    dw_pcie_ep_cleanup(&pcie->pci.ep);

    // Notify the endpoint function drivers (EPF) that the EPC is being deinitialized
    pci_epc_deinit_notify(pcie->pci.ep.epc);
}

To fix this issue, the cleanups are performed at the start of the pex_ep_event_pex_rst_deassert() function instead, after the resources have been enabled, so that the endpoint SoC continues to function correctly.

// Called from the PERST# deassert handler (fixed ordering).
static void pex_ep_event_pex_rst_deassert(struct tegra_pcie_dw *pcie)
{
    // Enable resources (config space, doorbell, ERP); refclk is active from here on.
    // enable_resources() is a placeholder for the driver's resource bring-up.
    enable_resources(pcie);

    // Now tear down the stale controller state while refclk is running
    dw_pcie_ep_cleanup(&pcie->pci.ep);

    // Notify the endpoint function drivers (EPF) of the deinit
    pci_epc_deinit_notify(pcie->pci.ep.epc);

    // Continue with the rest of the PERST# deassert initialization
}

This fix ensures that the cleanup actions are done when the refclk is active, thus avoiding endpoint crashes.
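As an added illustration (not code from the advisory or from the kernel driver), the following userspace C model replays one PERST# cycle under both orderings. It assumes a constructed timeline in which the endpoint's assert handler runs after the host has already cut the refclk, and counts every controller access made without refclk as a fault.

```c
#include <stdbool.h>

/* Modelled endpoint state: only what matters for this ordering bug. */
struct ep_model {
    bool refclk_on;       /* host-supplied reference clock present */
    bool cleanup_pending; /* controller state left over from the last link-up */
    int  faults;          /* controller accessed while refclk was off */
};

/* Stand-in for dw_pcie_ep_cleanup() + pci_epc_deinit_notify(): both touch
 * controller registers, which is fatal on the endpoint SoC without refclk. */
static void controller_cleanup(struct ep_model *ep)
{
    if (!ep->refclk_on)
        ep->faults++;            /* the crash the advisory describes */
    ep->cleanup_pending = false;
}

/* Original ordering: cleanup runs from the PERST# assert handler. */
static void rst_assert_buggy(struct ep_model *ep)   { controller_cleanup(ep); }
static void rst_deassert_buggy(struct ep_model *ep) { (void)ep; /* re-init only */ }

/* Fixed ordering: the assert handler leaves the controller alone; the deassert
 * handler cleans up first, once refclk is back, and then re-initializes. */
static void rst_assert_fixed(struct ep_model *ep)   { (void)ep; }
static void rst_deassert_fixed(struct ep_model *ep)
{
    if (ep->cleanup_pending)
        controller_cleanup(ep);
    /* ...rest of the PERST# deassert initialization would follow */
}

/* One host reset cycle (constructed timeline, see lead-in). Returns the number
 * of faulting controller accesses: 1 for the buggy order, 0 with the fix. */
int run_reset_cycle(bool fixed)
{
    struct ep_model ep = { .refclk_on = true, .cleanup_pending = true, .faults = 0 };

    ep.refclk_on = false;  /* host asserts PERST# and drops refclk shortly after */
    if (fixed)
        rst_assert_fixed(&ep);
    else
        rst_assert_buggy(&ep);

    ep.refclk_on = true;   /* host restores refclk, then deasserts PERST# */
    if (fixed)
        rst_deassert_fixed(&ep);
    else
        rst_deassert_buggy(&ep);

    return ep.faults;
}
```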

- Linux Kernel Patch

For more details on the PCI Express Tegra194 driver, refer to the following documentation

- PCI: tegra194 Documentation

Conclusion

The Linux kernel vulnerability CVE-2024-53152 could cause severe endpoint SoC crashes in Linux-powered devices when the host asserted the PERST# signal. Applying the fix, which moves the controller cleanups into the pex_ep_event_pex_rst_deassert() function, resolves the issue and keeps the endpoint SoC fully functional. To further protect your systems, keep your Linux kernel updated with the latest security patches and maintain good software development practices.

Timeline

Published on: 12/24/2024 12:15:23 UTC
Last modified on: 01/20/2025 06:19:50 UTC