CVE-2024-26963 in Linuxinfo

Summary

by MITRE • 05/01/2024

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3-am62: fix module unload/reload behavior

As runtime PM is enabled, the module can be runtime suspended when .remove() is called.

Do a pm_runtime_get_sync() to make sure module is active before doing any register operations.

Doing a pm_runtime_put_sync() should disable the refclk so no need to disable it again.

Fixes the below warning at module removel.

[ 39.705310] ------------[ cut here ]------------
[ 39.710004] clk:162:3 already disabled
[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8

We called of_platform_populate() in .probe() so call the cleanup function of_platform_depopulate() in .remove(). Get rid of the now unnnecessary dwc3_ti_remove_core(). Without this, module re-load doesn't work properly.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 01/26/2026

The vulnerability CVE-2024-26963 affects the Linux kernel's USB driver implementation specifically within the dwc3-am62 controller module. This issue manifests as a improper module unload/reload behavior that stems from inadequate power management handling during device removal operations. The root cause lies in the interaction between runtime power management and the module's cleanup sequence, creating a scenario where clock resources become improperly managed during module lifecycle transitions. The vulnerability is particularly concerning because it affects the fundamental operation of USB controllers in embedded systems, potentially leading to system instability or resource exhaustion during dynamic module loading and unloading operations.

The technical flaw occurs when the module remove function is invoked while runtime power management is enabled, causing the module to be suspended before the cleanup operations complete. The system fails to properly maintain the module's active state during register operations, leading to a race condition where clock resources are accessed while already disabled. This creates a direct violation of the clock management subsystem's expected behavior, as evidenced by the warning message indicating that a clock is already disabled when the system attempts to disable it again. The underlying issue is that the module does not properly synchronize its runtime power management state before performing critical register operations, resulting in improper resource handling and potential system crashes.

The operational impact of this vulnerability extends beyond simple module reload failures to potentially compromise system stability in embedded Linux environments that rely heavily on dynamic USB controller management. When modules cannot be properly unloaded and reloaded, it creates a persistent state where the system cannot effectively manage USB resources, leading to potential resource leaks and degraded performance. This is particularly problematic in automotive, industrial, or networking applications where USB controllers may need frequent reconfiguration or where system updates require dynamic module reloading. The vulnerability essentially prevents proper module lifecycle management, forcing administrators to reboot systems rather than simply reloading modules, which represents a significant operational inconvenience and potential reliability issue.

The fix implemented addresses this vulnerability by ensuring proper runtime power management synchronization during module removal. The solution involves calling pm_runtime_get_sync() before performing any register operations to guarantee the module remains active during cleanup, while also removing redundant clock disable operations that were causing the warning messages. The patch also corrects the module cleanup sequence by properly calling of_platform_depopulate() to match the of_platform_populate() call made during probe, eliminating the need for the obsolete dwc3_ti_remove_core() function. This approach aligns with the common practice of maintaining proper power management state synchronization during device lifecycle transitions and follows the principle of least privilege by ensuring resources are properly acquired before use. The fix directly addresses the clock management warning by preventing the double-disable scenario that was causing the kernel to emit the warning message. This remediation ensures that module reload operations function correctly and maintain proper system stability, with the solution being consistent with the Linux kernel's established patterns for handling runtime power management in device drivers. The vulnerability resolution follows industry standards for device driver power management and aligns with the ATT&CK framework's system binary modification techniques by ensuring proper resource handling during module operations.

Reservation

02/19/2024

Disclosure

05/01/2024

Moderation

accepted

CPE

ready

EPSS

0.00222

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!