{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26605", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.130Z", "datePublished": "2024-02-24T15:17:13.899Z", "dateUpdated": "2025-05-04T12:54:15.125Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T12:54:15.125Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/bus.c", "drivers/pci/controller/dwc/pcie-qcom.c", "drivers/pci/pci.c", "drivers/pci/pci.h", "drivers/pci/pcie/aspm.c", "include/linux/pci.h"], "versions": [{"version": "b9c370b61d735a0e5390c42771e7eb21413f7868", "lessThan": "0f7908a016c092cfdaa16d785fa5099d867bc1a3", "status": "affected", "versionType": "git"}, {"version": "8cc22ba3f77c59df5f1ac47d62df51efb28cd868", "lessThan": "b0f4478838be1f1d330061201898fef65bf8fd7c", "status": "affected", "versionType": "git"}, {"version": "f93e71aea6c60ebff8adbd8941e678302d377869", "lessThan": "ef90508574d7af48420bdc5f7b9a4f1cdd26bc70", "status": "affected", "versionType": "git"}, {"version": "f93e71aea6c60ebff8adbd8941e678302d377869", "lessThan": "1e560864159d002b453da42bd2c13a1805515a20", "status": "affected", "versionType": "git"}, {"version": "1f2f662c8bec75d1311e063efaa9107435cf16c8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/pci/bus.c", "drivers/pci/controller/dwc/pcie-qcom.c", "drivers/pci/pci.c", "drivers/pci/pci.h", "drivers/pci/pcie/aspm.c", "include/linux/pci.h"], "versions": [{"version": "6.7", "status": "affected"}, {"version": "0", "lessThan": "6.7", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.88", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.29", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.7.5", "lessThanOrEqual": "6.7.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.72", "versionEndExcluding": "6.1.88"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.6.11", "versionEndExcluding": "6.6.29"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.7.5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.15.147"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"}, {"url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"}, {"url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"}, {"url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"}], "title": "PCI/ASPM: Fix deadlock when enabling ASPM", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.853Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26605", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:33.693811Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:33:47.291Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:07:19.853Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26605", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:02:33.693811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:18.698Z"}}], "cna": {"title": "PCI/ASPM: Fix deadlock when enabling ASPM", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b9c370b61d735a0e5390c42771e7eb21413f7868", "lessThan": "0f7908a016c092cfdaa16d785fa5099d867bc1a3", "versionType": "git"}, {"status": "affected", "version": "8cc22ba3f77c59df5f1ac47d62df51efb28cd868", "lessThan": "b0f4478838be1f1d330061201898fef65bf8fd7c", "versionType": "git"}, {"status": "affected", "version": "f93e71aea6c60ebff8adbd8941e678302d377869", "lessThan": "ef90508574d7af48420bdc5f7b9a4f1cdd26bc70", "versionType": "git"}, {"status": "affected", "version": "f93e71aea6c60ebff8adbd8941e678302d377869", "lessThan": "1e560864159d002b453da42bd2c13a1805515a20", "versionType": "git"}], "programFiles": ["drivers/pci/bus.c", "drivers/pci/controller/dwc/pcie-qcom.c", "drivers/pci/pci.c", "drivers/pci/pci.h", "drivers/pci/pcie/aspm.c", "include/linux/pci.h"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.7"}, {"status": "unaffected", "version": "0", "lessThan": "6.7", "versionType": "semver"}, {"status": "unaffected", "version": "6.1.88", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.29", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.7.5", "versionType": "semver", "lessThanOrEqual": "6.7.*"}, {"status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/pci/bus.c", "drivers/pci/controller/dwc/pcie-qcom.c", "drivers/pci/pci.c", "drivers/pci/pci.h", "drivers/pci/pcie/aspm.c", "include/linux/pci.h"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"}, {"url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"}, {"url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"}, {"url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice."}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.88", "versionStartIncluding": "6.1.72"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.29", "versionStartIncluding": "6.6.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.7.5", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.8", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionStartIncluding": "5.15.147"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:52:10.952Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26605", "state": "PUBLISHED", "dateUpdated": "2025-05-04T08:52:10.952Z", "dateReserved": "2024-02-19T14:20:24.130Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-02-24T15:17:13.899Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "06B690E0-5DAC-44EC-947A-D6E4EB0475CA", "versionEndExcluding": "6.7.5", "versionStartIncluding": "6.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n  ============================================\n  WARNING: possible recursive locking detected\n  6.7.0 #40 Not tainted\n  --------------------------------------------\n  kworker/u16:5/90 is trying to acquire lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n              but task is already holding lock:\n  ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n              other info that might help us debug this:\n   Possible unsafe locking scenario:\n\n         CPU0\n         ----\n    lock(pci_bus_sem);\n    lock(pci_bus_sem);\n\n               *** DEADLOCK ***\n\n  Call trace:\n   print_deadlock_bug+0x25c/0x348\n   __lock_acquire+0x10a4/0x2064\n   lock_acquire+0x1e8/0x318\n   down_read+0x60/0x184\n   pcie_aspm_pm_state_change+0x58/0xdc\n   pci_set_full_power_state+0xa8/0x114\n   pci_set_power_state+0xc4/0x120\n   qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n   pci_walk_bus+0x64/0xbc\n   qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI/ASPM: solucion\u00f3 el punto muerto al habilitar ASPM. Una reversi\u00f3n de \u00faltimo minuto en 6.7-final introdujo un posible punto muerto al habilitar ASPM durante la prueba de los controladores PCIe de Qualcomm, seg\u00fan lo informado por lockdep: === ========================================= ADVERTENCIA: posible bloqueo recursivo detectado 6.7.0 #40 No contaminado -------------------------------------------- kworker/ u16:5/90 est\u00e1 intentando adquirir el bloqueo: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, en: pcie_aspm_pm_state_change+0x58/0xdc pero la tarea ya mantiene el bloqueo: ffffacfa78ced000 (pci_bus_sem){+++ +}-{3:3}, en: pci_walk_bus+0x34/0xbc otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 ---- lock(pci_bus_sem); bloquear(pci_bus_sem); *** DEADLOCK *** Rastreo de llamadas: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_ set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] El punto muerto se puede reproducir f\u00e1cilmente en m\u00e1quinas como la Lenovo ThinkPad X13s agregando un retraso para aumentar la ventana de carrera durante la prueba as\u00edncrona donde otro hilo puede tomar un bloqueo de escritura. Agregue un nuevo pci_set_power_state_locked() y funciones auxiliares asociadas que se pueden llamar con el sem\u00e1foro del bus PCI retenido para evitar tomar el bloqueo de lectura dos veces."}], "id": "CVE-2024-26605", "lastModified": "2024-11-21T09:02:38.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-02-26T16:28:00.207", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: PCI/ASPM: Fix deadlock when enabling ASPM", "id": "2265831", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265831"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-833", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nPCI/ASPM: Fix deadlock when enabling ASPM\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n============================================\nWARNING: possible recursive locking detected\n6.7.0 #40 Not tainted\n--------------------------------------------\nkworker/u16:5/90 is trying to acquire lock:\nffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\nbut task is already holding lock:\nffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\nother info that might help us debug this:\nPossible unsafe locking scenario:\nCPU0\n----\nlock(pci_bus_sem);\nlock(pci_bus_sem);\n*** DEADLOCK ***\nCall trace:\nprint_deadlock_bug+0x25c/0x348\n__lock_acquire+0x10a4/0x2064\nlock_acquire+0x1e8/0x318\ndown_read+0x60/0x184\npcie_aspm_pm_state_change+0x58/0xdc\npci_set_full_power_state+0xa8/0x114\npci_set_power_state+0xc4/0x120\nqcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\npci_walk_bus+0x64/0xbc\nqcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.", "A flaw was found in the Linux kernel, where a deadlock scenario was triggered when enabling Active State Power Management (ASPM) during the probe of Qualcomm PCIe controllers. This deadlock was identified by lockdep and stemmed from a recursive locking scenario. This issue occurred when a task attempted to acquire a lock already held by another task, leading to a deadlock situation. The deadlock could be reproduced on certain machines, such as the Lenovo ThinkPad X13s, by intentionally delaying operations to increase the race window during asynchronous probes, allowing another thread to take a write lock."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-26605", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-02-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-26605\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-26605\nhttps://lore.kernel.org/linux-cve-announce/2024022419-CVE-2024-26605-7b06@gregkh/T/#u"], "statement": "The identified vulnerability, while significant in terms of potential system instability, is categorized as Low severity due to several factors. First, the deadlock scenario is triggered under specific conditions during the probe of Qualcomm PCIe controllers, limiting its impact to a subset of hardware configurations. Additionally, the deadlock can be reliably reproduced only with deliberate manipulation, such as introducing delays to increase the race window during asynchronous probe operations. Furthermore, the issue does not pose a direct security threat or enable unauthorized access or privilege escalation. Last, the timely identification and resolution of the problem by introducing a targeted fix demonstrate the robustness of the Linux kernel development process in addressing such issues efficiently.", "threat_severity": "Low"}