{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-26806","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.179Z","datePublished":"2024-04-04T08:20:33.512Z","dateUpdated":"2025-05-04T08:56:58.797Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T08:56:58.797Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks\n\nThe ->runtime_suspend() and ->runtime_resume() callbacks are not\nexpected to call spi_controller_suspend() and spi_controller_resume().\nRemove calls to those in the cadence-qspi driver.\n\nThose helpers have two roles currently:\n - They stop/start the queue, including dealing with the kworker.\n - They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It\n   requires acquiring ctlr->bus_lock_mutex.\n\nStep one is irrelevant because cadence-qspi is not queued. Step two\nhowever has two implications:\n - A deadlock occurs, because ->runtime_resume() is called in a context\n   where the lock is already taken (in the ->exec_op() callback, where\n   the usage count is incremented).\n - It would disallow all operations once the device is auto-suspended.\n\nHere is a brief call tree highlighting the mutex deadlock:\n\nspi_mem_exec_op()\n        ...\n        spi_mem_access_start()\n                mutex_lock(&ctlr->bus_lock_mutex)\n\n        cqspi_exec_mem_op()\n                pm_runtime_resume_and_get()\n                        cqspi_resume()\n                                spi_controller_resume()\n                                        mutex_lock(&ctlr->bus_lock_mutex)\n                ...\n\n        spi_mem_access_end()\n                mutex_unlock(&ctlr->bus_lock_mutex)\n        ..."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-cadence-quadspi.c"],"versions":[{"version":"0578a6dbfe7514db7134501cf93acc21cf13e479","lessThan":"041562ebc4759c9932b59a06527f8753b86da365","status":"affected","versionType":"git"},{"version":"0578a6dbfe7514db7134501cf93acc21cf13e479","lessThan":"959043afe53ae80633e810416cee6076da6e91c6","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/spi/spi-cadence-quadspi.c"],"versions":[{"version":"6.7","status":"affected"},{"version":"0","lessThan":"6.7","status":"unaffected","versionType":"semver"},{"version":"6.7.9","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.7.9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.7","versionEndExcluding":"6.8"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365"},{"url":"https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6"}],"title":"spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-26806","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-04-05T17:28:20.913168Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:49:23.037Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:14:13.643Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6","tags":["x_transferred"]}]}]}}