CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-43098: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

Description

In the Linux kernel, the following vulnerability has been resolved:

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

A deadlock may happen since the i3c_master_register() acquires
&i3cbus->lock twice. See the log below.
Use i3cdev->desc->info instead of calling i3c_device_info() to
avoid acquiring the lock twice.

v2:
- Modified the title and commit message

============================================
WARNING: possible recursive locking detected
6.11.0-mainline
--------------------------------------------
init/1 is trying to acquire lock:
f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_bus_normaluse_lock

but task is already holding lock:
f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register

other info that might help us debug this:
Possible unsafe locking scenario:

CPU0
----
lock(&i3cbus->lock);
lock(&i3cbus->lock);

*** DEADLOCK ***

May be due to missing lock nesting notation

2 locks held by init/1:
#0: fcffff809b6798f8 (&dev->mutex){....}-{3:3}, at: __driver_attach
#1: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register

stack backtrace:
CPU: 6 UID: 0 PID: 1 Comm: init
Call trace:
dump_backtrace+0xfc/0x17c
show_stack+0x18/0x28
dump_stack_lvl+0x40/0xc0
dump_stack+0x18/0x24
print_deadlock_bug+0x388/0x390
__lock_acquire+0x18bc/0x32ec
lock_acquire+0x134/0x2b0
down_read+0x50/0x19c
i3c_bus_normaluse_lock+0x14/0x24
i3c_device_get_info+0x24/0x58
i3c_device_ue...

Classification

CVE ID: CVE-2024-43098

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.05% (scored less or equal to compared to others)

EPSS Date: 2025-02-09 (when was this score calculated)

References

https://git.kernel.org/stable/c/9a2173660ee53d5699744f02e6ab7bf89fcd0b1a
https://git.kernel.org/stable/c/5ac1dd51aaa0ce8b5421d1137e857955a4b6f55e
https://git.kernel.org/stable/c/2d98fa2a50b8058de52ada168fa5dbabb574711b
https://git.kernel.org/stable/c/816187b1833908941286e71b0041059a4acd52ed
https://git.kernel.org/stable/c/ffe19e363c6f8b992ba835a361542568dea17409
https://git.kernel.org/stable/c/1f51ae217d09c361ede900b94735a6d2df6c0344
https://git.kernel.org/stable/c/6cf7b65f7029914dc0cd7db86fac9ee5159008c6

Timeline

2025-01-12 00:30:18 UTC
CVE

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock
2025-04-01 10:15:25 UTC
Tenable Plugins

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1317)
2025-04-01 10:15:26 UTC
Tenable Plugins

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-1334)