{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35824", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-05-17T12:19:12.346Z", "datePublished": "2024-05-17T13:27:25.357Z", "dateUpdated": "2024-11-05T09:22:59.567Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:22:59.567Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume\n\nWhen not configured for wakeup lis3lv02d_i2c_suspend() will call\nlis3lv02d_poweroff() even if the device has already been turned off\nby the runtime-suspend handler and if configured for wakeup and\nthe device is runtime-suspended at this point then it is not turned\nback on to serve as a wakeup source.\n\nBefore commit b1b9f7a49440 (\"misc: lis3lv02d_i2c: Add missing setting\nof the reg_ctrl callback\"), lis3lv02d_poweroff() failed to disable\nthe regulators which as a side effect made calling poweroff() twice ok.\n\nNow that poweroff() correctly disables the regulators, doing this twice\ntriggers a WARN() in the regulator core:\n\nunbalanced disables for regulator-dummy\nWARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable\n...\n\nFix lis3lv02d_i2c_suspend() to not call poweroff() a second time if\nalready runtime-suspended and add a poweron() call when necessary to\nmake wakeup work.\n\nlis3lv02d_i2c_resume() has similar issues, with an added weirness that\nit always powers on the device if it is runtime suspended, after which\nthe first runtime-resume will call poweron() again, causing the enabled\ncount for the regulator to increase by 1 every suspend/resume. These\nunbalanced regulator_enable() calls cause the regulator to never\nbe turned off and trigger the following WARN() on driver unbind:\n\nWARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put\n\nFix this by making lis3lv02d_i2c_resume() mirror the new suspend()."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/lis3lv02d/lis3lv02d_i2c.c"], "versions": [{"version": "2c1164ad927e", "lessThan": "4154e7673541", "status": "affected", "versionType": "git"}, {"version": "1229ce1c4acd", "lessThan": "997ca4153846", "status": "affected", "versionType": "git"}, {"version": "755182e1e866", "lessThan": "f6df761182fc", "status": "affected", "versionType": "git"}, {"version": "b1b9f7a49440", "lessThan": "ac3e0384073b", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/misc/lis3lv02d/lis3lv02d_i2c.c"], "versions": [{"version": "6.1.77", "lessThan": "6.1.84", "status": "affected", "versionType": "semver"}, {"version": "6.6.16", "lessThan": "6.6.24", "status": "affected", "versionType": "semver"}, {"version": "6.7.4", "lessThan": "6.7.12", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7"}, {"url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325"}, {"url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45"}, {"url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d"}], "title": "misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-31T18:40:44.476426Z", "id": "CVE-2024-35824", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T19:26:50.030Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.618Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:21:47.618Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-35824", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-31T18:40:44.476426Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-31T18:40:48.848Z"}}], "cna": {"title": "misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "2c1164ad927e", "lessThan": "4154e7673541", "versionType": "git"}, {"status": "affected", "version": "1229ce1c4acd", "lessThan": "997ca4153846", "versionType": "git"}, {"status": "affected", "version": "755182e1e866", "lessThan": "f6df761182fc", "versionType": "git"}, {"status": "affected", "version": "b1b9f7a49440", "lessThan": "ac3e0384073b", "versionType": "git"}], "programFiles": ["drivers/misc/lis3lv02d/lis3lv02d_i2c.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1.77", "lessThan": "6.1.84", "versionType": "custom"}, {"status": "affected", "version": "6.6.16", "lessThan": "6.6.24", "versionType": "custom"}, {"status": "affected", "version": "6.7.4", "lessThan": "6.7.12", "versionType": "custom"}], "programFiles": ["drivers/misc/lis3lv02d/lis3lv02d_i2c.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7"}, {"url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325"}, {"url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45"}, {"url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d"}], "x_generator": {"engine": "bippy-a5840b7849dd"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume\n\nWhen not configured for wakeup lis3lv02d_i2c_suspend() will call\nlis3lv02d_poweroff() even if the device has already been turned off\nby the runtime-suspend handler and if configured for wakeup and\nthe device is runtime-suspended at this point then it is not turned\nback on to serve as a wakeup source.\n\nBefore commit b1b9f7a49440 (\"misc: lis3lv02d_i2c: Add missing setting\nof the reg_ctrl callback\"), lis3lv02d_poweroff() failed to disable\nthe regulators which as a side effect made calling poweroff() twice ok.\n\nNow that poweroff() correctly disables the regulators, doing this twice\ntriggers a WARN() in the regulator core:\n\nunbalanced disables for regulator-dummy\nWARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable\n...\n\nFix lis3lv02d_i2c_suspend() to not call poweroff() a second time if\nalready runtime-suspended and add a poweron() call when necessary to\nmake wakeup work.\n\nlis3lv02d_i2c_resume() has similar issues, with an added weirness that\nit always powers on the device if it is runtime suspended, after which\nthe first runtime-resume will call poweron() again, causing the enabled\ncount for the regulator to increase by 1 every suspend/resume. These\nunbalanced regulator_enable() calls cause the regulator to never\nbe turned off and trigger the following WARN() on driver unbind:\n\nWARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put\n\nFix this by making lis3lv02d_i2c_resume() mirror the new suspend()."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-05-29T05:29:38.040Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35824", "state": "PUBLISHED", "dateUpdated": "2024-10-29T19:26:50.030Z", "dateReserved": "2024-05-17T12:19:12.346Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-05-17T13:27:25.357Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmisc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume\n\nWhen not configured for wakeup lis3lv02d_i2c_suspend() will call\nlis3lv02d_poweroff() even if the device has already been turned off\nby the runtime-suspend handler and if configured for wakeup and\nthe device is runtime-suspended at this point then it is not turned\nback on to serve as a wakeup source.\n\nBefore commit b1b9f7a49440 (\"misc: lis3lv02d_i2c: Add missing setting\nof the reg_ctrl callback\"), lis3lv02d_poweroff() failed to disable\nthe regulators which as a side effect made calling poweroff() twice ok.\n\nNow that poweroff() correctly disables the regulators, doing this twice\ntriggers a WARN() in the regulator core:\n\nunbalanced disables for regulator-dummy\nWARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable\n...\n\nFix lis3lv02d_i2c_suspend() to not call poweroff() a second time if\nalready runtime-suspended and add a poweron() call when necessary to\nmake wakeup work.\n\nlis3lv02d_i2c_resume() has similar issues, with an added weirness that\nit always powers on the device if it is runtime suspended, after which\nthe first runtime-resume will call poweron() again, causing the enabled\ncount for the regulator to increase by 1 every suspend/resume. These\nunbalanced regulator_enable() calls cause the regulator to never\nbe turned off and trigger the following WARN() on driver unbind:\n\nWARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put\n\nFix this by making lis3lv02d_i2c_resume() mirror the new suspend()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: lis3lv02d_i2c: corrige que los reguladores se activen/desactiven dos veces al suspender/reanudar Cuando no est\u00e1 configurado para reactivaci\u00f3n, lis3lv02d_i2c_suspend() llamar\u00e1 a lis3lv02d_poweroff() incluso si el dispositivo ya ha sido desactivado por el controlador de suspensi\u00f3n de tiempo de ejecuci\u00f3n y si est\u00e1 configurado para reactivaci\u00f3n y el dispositivo est\u00e1 suspendido en tiempo de ejecuci\u00f3n en este punto, no se vuelve a activar para que sirva como fuente de activaci\u00f3n. Antes de la confirmaci\u00f3n b1b9f7a49440 (\"misc: lis3lv02d_i2c: Agregar configuraci\u00f3n faltante de la devoluci\u00f3n de llamada reg_ctrl\"), lis3lv02d_poweroff() fallaba al deshabilitar los reguladores, lo que como efecto secundario hizo que llamar a poweroff() dos veces fuera correcto. Ahora que poweroff() desactiva correctamente los reguladores, al hacer esto dos veces se activa una ADVERTENCIA() en el n\u00facleo del regulador: desactivaciones desequilibradas para regulador ficticio ADVERTENCIA: CPU: 1 PID: 92 en drivers/regulator/core.c:2999 _regulator_disable .. Corrija lis3lv02d_i2c_suspend() para que no llame a poweroff() una segunda vez si ya est\u00e1 suspendido el tiempo de ejecuci\u00f3n y agregue una llamada a poweron() cuando sea necesario para que la reactivaci\u00f3n funcione. lis3lv02d_i2c_resume() tiene problemas similares, con el inconveniente adicional de que siempre enciende el dispositivo si el tiempo de ejecuci\u00f3n est\u00e1 suspendido, despu\u00e9s de lo cual la primera reanudaci\u00f3n del tiempo de ejecuci\u00f3n llamar\u00e1 a poweron() nuevamente, lo que provocar\u00e1 que el recuento habilitado para el regulador aumente en 1 cada suspender/reanudar. Estas llamadas desequilibradas regulator_enable() hacen que el regulador nunca se apague y activan la siguiente ADVERTENCIA() al desvincular el controlador: ADVERTENCIA: CPU: 1 PID: 1724 en drivers/regulator/core.c:2396 _regulator_put Solucione esto haciendo lis3lv02d_i2c_resume( ) refleja la nueva suspensi\u00f3n()."}], "id": "CVE-2024-35824", "lastModified": "2024-11-21T09:20:58.877", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-05-17T14:15:18.033", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/4154e767354140db7804207117e7238fb337b0e7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/997ca415384612c8df76d99d9a768e0b3f42b325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/ac3e0384073b2408d6cb0d972fee9fcc3776053d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.kernel.org/stable/c/f6df761182fc953907b18aba5049fc2a044ecb45"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"affected_release": [{"advisory": "RHSA-2024:5101", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.16.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-08-08T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}, {"advisory": "RHSA-2024:9315", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-503.11.1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-11-12T00:00:00Z"}], "bugzilla": {"description": "kernel: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume", "id": "2281189", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2281189"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nmisc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume\nWhen not configured for wakeup lis3lv02d_i2c_suspend() will call\nlis3lv02d_poweroff() even if the device has already been turned off\nby the runtime-suspend handler and if configured for wakeup and\nthe device is runtime-suspended at this point then it is not turned\nback on to serve as a wakeup source.\nBefore commit b1b9f7a49440 (\"misc: lis3lv02d_i2c: Add missing setting\nof the reg_ctrl callback\"), lis3lv02d_poweroff() failed to disable\nthe regulators which as a side effect made calling poweroff() twice ok.\nNow that poweroff() correctly disables the regulators, doing this twice\ntriggers a WARN() in the regulator core:\nunbalanced disables for regulator-dummy\nWARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable\n...\nFix lis3lv02d_i2c_suspend() to not call poweroff() a second time if\nalready runtime-suspended and add a poweron() call when necessary to\nmake wakeup work.\nlis3lv02d_i2c_resume() has similar issues, with an added weirness that\nit always powers on the device if it is runtime suspended, after which\nthe first runtime-resume will call poweron() again, causing the enabled\ncount for the regulator to increase by 1 every suspend/resume. These\nunbalanced regulator_enable() calls cause the regulator to never\nbe turned off and trigger the following WARN() on driver unbind:\nWARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put\nFix this by making lis3lv02d_i2c_resume() mirror the new suspend().", "A vulnerability was found in the `lis3lv02d_i2c` driver in the Linux kernel. This issue involves regulators being enabled and disabled twice during the suspend and resume process, which could lead to unintended behavior or system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35824", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-05-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35824\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35824\nhttps://lore.kernel.org/linux-cve-announce/2024051737-CVE-2024-35824-7302@gregkh/T"], "threat_severity": "Moderate", "upstream_fix": "kernel 6.1.84, kernel 6.6.24, kernel 6.7.12"}