CVE - CVE-2024-42253

CVE-ID
CVE-2024-42253	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * Normal case 0-0022: write register AI\|3a {03,02,00,00,01} Input latch P0 0-0022: write register AI\|49 {fc,fd,ff,ff,fe} Interrupt mask P0 0-0022: write register AI\|08 {ff,00,00,00,00} Output P3 0-0022: write register AI\|12 {fc,00,00,00,00} Config P3 * Race case 0-0022: write register AI\|08 {ff,00,00,00,00} Output P3 0-0022: write register AI\|08 {03,02,00,00,01} * Wrong register * 0-0022: write register AI\|12 {fc,00,00,00,00} Config P3 0-0022: write register AI\|49 {fc,fd,ff,ff,fe} Interrupt mask P0
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 URL:https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 MISC:https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904 URL:https://git.kernel.org/stable/c/bfc6444b57dc7186b6acc964705d7516cbaf3904 MISC:https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41 URL:https://git.kernel.org/stable/c/de7cffa53149c7b48bd1bb29b02390c9f05b7f41 MISC:https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2 URL:https://git.kernel.org/stable/c/e2ecdddca80dd845df42376e4b0197fe97018ba2
Assigning CNA
kernel.org
Date Record Created
20240730	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20240730)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)