{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27003", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-02-19T14:20:24.207Z", "datePublished": "2024-05-01T05:28:49.732Z", "dateUpdated": "2024-11-05T09:19:45.152Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:19:45.152Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree for clk_summary\n\nSimilar to the previous commit, we should make sure that all devices are\nruntime resumed before printing the clk_summary through debugfs. Failure\nto do so would result in a deadlock if the thread is resuming a device\nto print clk state and that device is also runtime resuming in another\nthread, e.g the screen is turning on and the display driver is starting\nup. We remove the calls to clk_pm_runtime_{get,put}() in this path\nbecause they're superfluous now that we know the devices are runtime\nresumed. This also squashes a bug where the return value of\nclk_pm_runtime_get() wasn't checked, leading to an RPM count underflow\non error paths."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/clk.c"], "versions": [{"version": "1bb294a7981c", "lessThan": "83ada89e4a86", "status": "affected", "versionType": "git"}, {"version": "1bb294a7981c", "lessThan": "2c077fdfd09d", "status": "affected", "versionType": "git"}, {"version": "1bb294a7981c", "lessThan": "b457105309d3", "status": "affected", "versionType": "git"}, {"version": "1bb294a7981c", "lessThan": "9d1e795f754d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/clk/clk.c"], "versions": [{"version": "5.17", "status": "affected"}, {"version": "0", "lessThan": "5.17", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.88", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.29", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.8.8", "lessThanOrEqual": "6.8.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0"}, {"url": "https://git.kernel.org/stable/c/2c077fdfd09dffb31a890e5095c8ab205138a42e"}, {"url": "https://git.kernel.org/stable/c/b457105309d388e4081c716cf7b81d517ff74db4"}, {"url": "https://git.kernel.org/stable/c/9d1e795f754db1ac3344528b7af0b17b8146f321"}], "title": "clk: Get runtime PM before walking tree for clk_summary", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-17T17:40:36.499958Z", "id": "CVE-2024-27003", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:46:23.697Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.828Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2c077fdfd09dffb31a890e5095c8ab205138a42e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b457105309d388e4081c716cf7b81d517ff74db4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9d1e795f754db1ac3344528b7af0b17b8146f321", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/2c077fdfd09dffb31a890e5095c8ab205138a42e", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/b457105309d388e4081c716cf7b81d517ff74db4", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/9d1e795f754db1ac3344528b7af0b17b8146f321", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:21:05.828Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-17T17:40:36.499958Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-17T17:40:37.479Z"}}], "cna": {"title": "clk: Get runtime PM before walking tree for clk_summary", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1bb294a7981c", "lessThan": "83ada89e4a86", "versionType": "git"}, {"status": "affected", "version": "1bb294a7981c", "lessThan": "2c077fdfd09d", "versionType": "git"}, {"status": "affected", "version": "1bb294a7981c", "lessThan": "b457105309d3", "versionType": "git"}, {"status": "affected", "version": "1bb294a7981c", "lessThan": "9d1e795f754d", "versionType": "git"}], "programFiles": ["drivers/clk/clk.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.17"}, {"status": "unaffected", "version": "0", "lessThan": "5.17", "versionType": "custom"}, {"status": "unaffected", "version": "6.1.88", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.29", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.8.8", "versionType": "custom", "lessThanOrEqual": "6.8.*"}, {"status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/clk/clk.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0"}, {"url": "https://git.kernel.org/stable/c/2c077fdfd09dffb31a890e5095c8ab205138a42e"}, {"url": "https://git.kernel.org/stable/c/b457105309d388e4081c716cf7b81d517ff74db4"}, {"url": "https://git.kernel.org/stable/c/9d1e795f754db1ac3344528b7af0b17b8146f321"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree for clk_summary\n\nSimilar to the previous commit, we should make sure that all devices are\nruntime resumed before printing the clk_summary through debugfs. Failure\nto do so would result in a deadlock if the thread is resuming a device\nto print clk state and that device is also runtime resuming in another\nthread, e.g the screen is turning on and the display driver is starting\nup. We remove the calls to clk_pm_runtime_{get,put}() in this path\nbecause they're superfluous now that we know the devices are runtime\nresumed. This also squashes a bug where the return value of\nclk_pm_runtime_get() wasn't checked, leading to an RPM count underflow\non error paths."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:26:49.901Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27003", "state": "PUBLISHED", "dateUpdated": "2024-08-02T00:21:05.828Z", "dateReserved": "2024-02-19T14:20:24.207Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-01T05:28:49.732Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree for clk_summary\n\nSimilar to the previous commit, we should make sure that all devices are\nruntime resumed before printing the clk_summary through debugfs. Failure\nto do so would result in a deadlock if the thread is resuming a device\nto print clk state and that device is also runtime resuming in another\nthread, e.g the screen is turning on and the display driver is starting\nup. We remove the calls to clk_pm_runtime_{get,put}() in this path\nbecause they're superfluous now that we know the devices are runtime\nresumed. This also squashes a bug where the return value of\nclk_pm_runtime_get() wasn't checked, leading to an RPM count underflow\non error paths."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: clk: Obtenga PM en tiempo de ejecuci\u00f3n antes de recorrer el \u00e1rbol para clk_summary De manera similar a el commit anterior, debemos asegurarnos de que todos los dispositivos se reanuden en tiempo de ejecuci\u00f3n antes de imprimir clk_summary a trav\u00e9s de debugfs. No hacerlo resultar\u00eda en un punto muerto si el subproceso est\u00e1 reanudando un dispositivo para imprimir el estado de clk y ese dispositivo tambi\u00e9n est\u00e1 reanudando el tiempo de ejecuci\u00f3n en otro subproceso, por ejemplo, la pantalla se enciende y el controlador de pantalla se est\u00e1 iniciando. Eliminamos las llamadas a clk_pm_runtime_{get,put}() en esta ruta porque son superfluas ahora que sabemos que los dispositivos se han reanudado en tiempo de ejecuci\u00f3n. Esto tambi\u00e9n soluciona un error por el cual el valor de retorno de clk_pm_runtime_get() no se verificaba, lo que provocaba un desbordamiento insuficiente del recuento de RPM en las rutas de error."}], "id": "CVE-2024-27003", "lastModified": "2024-05-13T08:15:11.597", "metrics": {}, "published": "2024-05-01T06:15:18.597", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2c077fdfd09dffb31a890e5095c8ab205138a42e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/83ada89e4a86e2b28ea2b5113c76d6dc7560a4d0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9d1e795f754db1ac3344528b7af0b17b8146f321"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b457105309d388e4081c716cf7b81d517ff74db4"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: clk: Get runtime PM before walking tree for clk_summary", "id": "2278293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2278293"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nclk: Get runtime PM before walking tree for clk_summary\nSimilar to the previous commit, we should make sure that all devices are\nruntime resumed before printing the clk_summary through debugfs. Failure\nto do so would result in a deadlock if the thread is resuming a device\nto print clk state and that device is also runtime resuming in another\nthread, e.g the screen is turning on and the display driver is starting\nup. We remove the calls to clk_pm_runtime_{get,put}() in this path\nbecause they're superfluous now that we know the devices are runtime\nresumed. This also squashes a bug where the return value of\nclk_pm_runtime_get() wasn't checked, leading to an RPM count underflow\non error paths."], "name": "CVE-2024-27003", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-27003\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-27003\nhttps://lore.kernel.org/linux-cve-announce/2024050146-CVE-2024-27003-c862@gregkh/T"], "threat_severity": "Low", "upstream_fix": "kernel 6.1.88, kernel 6.6.29, kernel 6.8.8, kernel 6.9-rc5"}