CVE-2024-49961 in Linux

Summary

by MITRE • 10/21/2024

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ar0521: Use cansleep version of gpiod_set_value()

If we use GPIO reset from I2C port expander, we must use *_cansleep() variant of GPIO functions. This was not done in ar0521_power_on()/ar0521_power_off() functions. Let's fix that.

------------[ cut here ]------------
WARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c
Modules linked in:
CPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53
Hardware name: Diasom DS-RK3568-SOM-EVB (DT)
Workqueue: events_unbound deferred_probe_work_func
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : gpiod_set_value+0x74/0x7c
lr : ar0521_power_on+0xcc/0x290
sp : ffffff8001d7ab70
x29: ffffff8001d7ab70 x28: ffffff80027dcc90 x27: ffffff8003c82000
x26: ffffff8003ca9250 x25: ffffffc080a39c60 x24: ffffff8003ca9088
x23: ffffff8002402720 x22: ffffff8003ca9080 x21: ffffff8003ca9088
x20: 0000000000000000 x19: ffffff8001eb2a00 x18: ffffff80efeeac80
x17: 756d2d6332692f30 x16: 0000000000000000 x15: 0000000000000000
x14: ffffff8001d91d40 x13: 0000000000000016 x12: ffffffc080e98930
x11: ffffff8001eb2880 x10: 0000000000000890 x9 : ffffff8001d7a9f0
x8 : ffffff8001d92570 x7 : ffffff80efeeac80 x6 : 000000003fc6e780
x5 : ffffff8001d91c80 x4 : 0000000000000002 x3 : 0000000000000000
x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000001
Call trace:
 gpiod_set_value+0x74/0x7c
 ar0521_power_on+0xcc/0x290
...


Analysis

by VulDB Data Team • 03/21/2026

The vulnerability described in CVE-2024-49961 pertains to a critical flaw in the Linux kernel's media subsystem, specifically within the I2C driver for the ar0521 camera sensor. This issue arises from the improper usage of GPIO functions during the power management operations of the sensor. The core problem lies in the use of non-cansleep variants of GPIO functions when operating GPIOs that are controlled through an I2C port expander, which can lead to system instability and potential kernel panics.

The technical flaw manifests when the ar0521_power_on() and ar0521_power_off() functions attempt to control GPIO reset lines without employing the appropriate *_cansleep() variants of the GPIO functions. This particular function call sequence results in a kernel oops and system crash as evidenced by the stack trace pointing to gpiod_set_value+0x74/0x7c in the gpiolib.c module. The kernel warning indicates that the system attempted to perform a GPIO operation from an interrupt context or workqueue where sleeping is not permitted, violating fundamental kernel scheduling constraints.

The operational impact of this vulnerability is significant as it can cause complete system crashes during camera sensor power management operations, particularly when the sensor is being initialized or powered down. The affected device platform, Diasom DS-RK3568-SOM-EVB, demonstrates the real-world implications of this flaw in embedded systems where camera modules are commonly integrated. The vulnerability directly affects the reliability and stability of systems relying on the ar0521 sensor driver, potentially leading to service interruptions and data loss in production environments.

The fix implemented addresses the root cause by ensuring that the *_cansleep() variants of GPIO functions are used when operating GPIOs connected through I2C port expanders. This change allows the kernel to properly handle potential sleep scenarios during GPIO operations, maintaining system stability. From a cybersecurity perspective, this vulnerability aligns with CWE-664, which deals with improper control of a resource through time-based events, and relates to ATT&CK technique T1490, specifically the exploitation of kernel vulnerabilities to achieve system compromise. The resolution ensures proper kernel thread scheduling compliance and prevents potential denial-of-service conditions that could be exploited by malicious actors to destabilize embedded systems.
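
As an added example (not part of the advisory or the kernel patch), the following Python sketch scans kernel log text for the warning signature shown in the trace above and reports which driver function called a non-sleeping GPIO accessor, which is how the same mistake can be spotted in other drivers. The sample log is constructed from the non-register trace lines quoted on this page with dmesg-style timestamps added; the function name `find_cansleep_misuse` and the result field names are assumptions of this example.

```python
import re

# Constructed sample: non-register lines of the trace quoted on this page, in the
# multi-line layout the kernel prints, with dmesg-style timestamps added.
SAMPLE_LOG = """\
[    2.431100] ------------[ cut here ]------------
[    2.431150] WARNING: CPU: 0 PID: 11 at drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x74/0x7c
[    2.431200] CPU: 0 PID: 11 Comm: kworker/u16:0 Not tainted 6.10.0 #53
[    2.431250] Hardware name: Diasom DS-RK3568-SOM-EVB (DT)
[    2.431300] Workqueue: events_unbound deferred_probe_work_func
[    2.431350] pc : gpiod_set_value+0x74/0x7c
[    2.431400] lr : ar0521_power_on+0xcc/0x290
[    2.431450] Call trace:
[    2.431500]  gpiod_set_value+0x74/0x7c
[    2.431550]  ar0521_power_on+0xcc/0x290
"""

# gpiolib accessors that WARN when the GPIO's controller can sleep.
NONSLEEPING = {"gpiod_set_value", "gpiod_get_value",
               "gpiod_set_raw_value", "gpiod_get_raw_value"}

TS = r"^(?:\[\s*\d+\.\d+\])?\s*"            # optional dmesg timestamp
WARN_RE = re.compile(TS + r"WARNING: .* at (\S+:\d+) (\w+)\+0x")
HW_RE = re.compile(TS + r"Hardware name: (.+)$")
FRAME_RE = re.compile(TS + r"(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")

def find_cansleep_misuse(log_text):
    """Return one finding per warning raised inside a non-sleeping GPIO accessor."""
    findings, cur, in_trace = [], None, False
    for line in log_text.splitlines():
        if m := WARN_RE.match(line):
            cur, in_trace = None, False          # a new warning block starts
            if m.group(2) in NONSLEEPING:
                cur = {"site": m.group(1), "accessor": m.group(2),
                       "caller": None, "hardware": None}
                findings.append(cur)
        elif cur is None:
            continue                             # not inside a relevant block
        elif m := HW_RE.match(line):
            cur["hardware"] = m.group(1).strip()
        elif re.match(TS + r"call trace:", line, re.I):
            in_trace = True
        elif in_trace and (m := FRAME_RE.match(line)):
            # first frame that is not the accessor itself is the driver call site
            if cur["caller"] is None and m.group(1) != cur["accessor"]:
                cur["caller"] = m.group(1)
    return findings
```

A finding whose caller is a driver's power or reset routine points at a call that should be switched to the `*_cansleep()` variant, as the fix for ar0521 does.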

Responsible: Linux

Reservation: 10/21/2024

Disclosure: 10/21/2024

Moderation: accepted

CPE: ready

EPSS: 0.00234

KEV: no

Activities: very low
