CVE-2024-27004: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008 Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c rpm_resume+0xe0/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 clk_pm_runtime_get+0x30/0xb0 clk_disable_unused_subtree+0x58/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused+0x4c/0xe4 do_one_initcall+0xcc/0x2d8 do_initcall_level+0xa4/0x148 do_initcalls+0x5c/0x9c do_basic_setup+0x24/0x30 kernel_init_freeable+0xec/0x164 kernel_init+0x28/0x120 ret_from_fork+0x10/0x20 INFO: task kworker/u16:0:9 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008 Workqueue: events_unbound deferred_probe_work_func Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c schedule_preempt_disabled+0x2c/0x48 __mutex_lock+0x238/0x488 __mutex_lock_slowpath+0x1c/0x28 mutex_lock+0x50/0x74 clk_prepare_lock+0x7c/0x9c clk_core_prepare_lock+0x20/0x44 clk_prepare+0x24/0x30 clk_bulk_prepare+0x40/0xb0 mdss_runtime_resume+0x54/0x1c8 pm_generic_runtime_resume+0x30/0x44 __genpd_runtime_resume+0x68/0x7c genpd_runtime_resume+0x108/0x1f4 __rpm_callback+0x84/0x144 rpm_callback+0x30/0x88 rpm_resume+0x1f4/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 __device_attach+0xe0/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c device_add+0x644/0x814 mipi_dsi_device_register_full+0xe4/0x170 devm_mipi_dsi_device_register_full+0x28/0x70 ti_sn_bridge_probe+0x1dc/0x2c0 auxiliary_bus_probe+0x4c/0x94 really_probe+0xcc/0x2c8 __driver_probe_device+0xa8/0x130 driver_probe_device+0x48/0x110 __device_attach_driver+0xa4/0xcc bus_for_each_drv+0x8c/0xd8 __device_attach+0xf8/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c deferred_probe_work_func+0x9c/0xd8 process_one_work+0x148/0x518 worker_thread+0x138/0x350 kthread+0x138/0x1e0 ret_from_fork+0x10/0x20 The first thread is walking the clk tree and calling clk_pm_runtime_get() to power on devices required to read the clk hardware via struct clk_ops::is_enabled(). This thread holds the clk prepare_lock, and is trying to runtime PM resume a device, when it finds that the device is in the process of resuming so the thread schedule()s away waiting for the device to finish resuming before continuing. The second thread is runtime PM resuming the same device, but the runtime resume callback is calling clk_prepare(), trying to grab the prepare_lock waiting on the first thread. This is a classic ABBA deadlock. To properly fix the deadlock, we must never runtime PM resume or suspend a device with the clk prepare_lock held. Actually doing that is near impossible today because the global prepare_lock would have to be dropped in the middle of the tree, the device runtime PM resumed/suspended, and then the prepare_lock grabbed again to ensure consistency of the clk tree topology. If anything changes with the clk tree in the meantime, we've lost and will need to start the operation all over again. Luckily, most of the time we're simply incrementing or decrementing the runtime PM count on an active device, so we don't have the chance to schedule away with the prepare_lock held. Let's fix this immediate problem that can be ---truncated---
AI Analysis
Technical Summary
CVE-2024-27004 is a vulnerability identified in the Linux kernel related to the clock (clk) subsystem's runtime power management (PM) implementation. The issue arises from a classic ABBA deadlock scenario involving two kernel threads interacting with the clk tree and device runtime PM operations. Specifically, one thread walks the clk tree and calls clk_pm_runtime_get() to power on devices required to read clock hardware status, holding the clk prepare_lock while attempting to runtime PM resume a device. This thread schedules away waiting for the device to finish resuming. Concurrently, a second thread is performing a runtime PM resume on the same device, and during its resume callback, it calls clk_prepare(), attempting to acquire the same prepare_lock held by the first thread. This circular dependency results in a deadlock, causing kernel tasks to hang for extended periods (over 122 seconds as observed). The deadlock occurs because the runtime PM resume or suspend operations are performed while holding the clk prepare_lock, which is not designed to be released and reacquired mid-operation without risking inconsistency in the clk tree topology. The complexity of the clk tree and the global nature of the prepare_lock make it difficult to restructure the locking to avoid this deadlock without risking other issues. The vulnerability manifests as system hangs or blocked kernel tasks, impacting system availability. Although the full fix is complex, the immediate resolution involves avoiding runtime PM resume or suspend calls while holding the prepare_lock, reducing the likelihood of this deadlock. This vulnerability affects Linux kernel versions around 5.15.149 and possibly others with similar clk subsystem implementations. No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet.
Potential Impact
For European organizations relying on Linux-based systems, especially those using kernel versions affected by this vulnerability, the primary impact is on system availability and stability. Systems may experience hangs or blocked kernel tasks, leading to degraded performance or complete system unresponsiveness. This can disrupt critical services, especially in environments where Linux is used for servers, embedded devices, or infrastructure components. Industries such as telecommunications, manufacturing, finance, and public sector entities that deploy Linux in their operational technology or IT infrastructure could face operational interruptions. The deadlock could affect devices that rely heavily on runtime power management, including mobile devices, IoT gateways, and edge computing platforms. While confidentiality and integrity are not directly impacted by this vulnerability, the availability impact can lead to denial of service conditions, potentially causing downtime and associated financial and reputational damage. Given the complexity of the issue, recovery may require system reboots or kernel updates, which could be disruptive in production environments.
Mitigation Recommendations
To mitigate CVE-2024-27004, European organizations should: 1) Prioritize updating Linux kernels to versions where this vulnerability is patched or mitigated, as the Linux kernel community has addressed the deadlock by modifying runtime PM calls to avoid holding the clk prepare_lock during resume/suspend operations. 2) For systems where immediate kernel updates are not feasible, consider applying vendor-provided backported patches or workarounds that address the deadlock condition. 3) Monitor system logs for hung task warnings related to clk and runtime PM operations to detect potential deadlock occurrences early. 4) In environments with custom kernel builds or embedded Linux devices, coordinate with vendors or internal development teams to integrate the fix or implement equivalent locking changes. 5) Implement robust system monitoring and automated recovery mechanisms to detect and remediate hung tasks or system unresponsiveness caused by this deadlock. 6) Test kernel updates and patches in staging environments to ensure stability before deployment in production, as changes to power management and clock subsystems can have broad effects. 7) Review and optimize device driver interactions with the clk subsystem to minimize complex locking scenarios that could exacerbate deadlocks. These steps go beyond generic advice by focusing on kernel version management, targeted monitoring, and vendor coordination specific to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland
CVE-2024-27004: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008 Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c rpm_resume+0xe0/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 clk_pm_runtime_get+0x30/0xb0 clk_disable_unused_subtree+0x58/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused_subtree+0x38/0x208 clk_disable_unused+0x4c/0xe4 do_one_initcall+0xcc/0x2d8 do_initcall_level+0xa4/0x148 do_initcalls+0x5c/0x9c do_basic_setup+0x24/0x30 kernel_init_freeable+0xec/0x164 kernel_init+0x28/0x120 ret_from_fork+0x10/0x20 INFO: task kworker/u16:0:9 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008 Workqueue: events_unbound deferred_probe_work_func Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c schedule_preempt_disabled+0x2c/0x48 __mutex_lock+0x238/0x488 __mutex_lock_slowpath+0x1c/0x28 mutex_lock+0x50/0x74 clk_prepare_lock+0x7c/0x9c clk_core_prepare_lock+0x20/0x44 clk_prepare+0x24/0x30 clk_bulk_prepare+0x40/0xb0 mdss_runtime_resume+0x54/0x1c8 pm_generic_runtime_resume+0x30/0x44 __genpd_runtime_resume+0x68/0x7c genpd_runtime_resume+0x108/0x1f4 __rpm_callback+0x84/0x144 rpm_callback+0x30/0x88 rpm_resume+0x1f4/0x52c rpm_resume+0x178/0x52c __pm_runtime_resume+0x58/0x98 __device_attach+0xe0/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c device_add+0x644/0x814 mipi_dsi_device_register_full+0xe4/0x170 devm_mipi_dsi_device_register_full+0x28/0x70 ti_sn_bridge_probe+0x1dc/0x2c0 auxiliary_bus_probe+0x4c/0x94 really_probe+0xcc/0x2c8 __driver_probe_device+0xa8/0x130 driver_probe_device+0x48/0x110 __device_attach_driver+0xa4/0xcc bus_for_each_drv+0x8c/0xd8 __device_attach+0xf8/0x170 device_initial_probe+0x1c/0x28 bus_probe_device+0x3c/0x9c deferred_probe_work_func+0x9c/0xd8 process_one_work+0x148/0x518 worker_thread+0x138/0x350 kthread+0x138/0x1e0 ret_from_fork+0x10/0x20 The first thread is walking the clk tree and calling clk_pm_runtime_get() to power on devices required to read the clk hardware via struct clk_ops::is_enabled(). This thread holds the clk prepare_lock, and is trying to runtime PM resume a device, when it finds that the device is in the process of resuming so the thread schedule()s away waiting for the device to finish resuming before continuing. The second thread is runtime PM resuming the same device, but the runtime resume callback is calling clk_prepare(), trying to grab the prepare_lock waiting on the first thread. This is a classic ABBA deadlock. To properly fix the deadlock, we must never runtime PM resume or suspend a device with the clk prepare_lock held. Actually doing that is near impossible today because the global prepare_lock would have to be dropped in the middle of the tree, the device runtime PM resumed/suspended, and then the prepare_lock grabbed again to ensure consistency of the clk tree topology. If anything changes with the clk tree in the meantime, we've lost and will need to start the operation all over again. Luckily, most of the time we're simply incrementing or decrementing the runtime PM count on an active device, so we don't have the chance to schedule away with the prepare_lock held. Let's fix this immediate problem that can be ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-27004 is a vulnerability identified in the Linux kernel related to the clock (clk) subsystem's runtime power management (PM) implementation. The issue arises from a classic ABBA deadlock scenario involving two kernel threads interacting with the clk tree and device runtime PM operations. Specifically, one thread walks the clk tree and calls clk_pm_runtime_get() to power on devices required to read clock hardware status, holding the clk prepare_lock while attempting to runtime PM resume a device. This thread schedules away waiting for the device to finish resuming. Concurrently, a second thread is performing a runtime PM resume on the same device, and during its resume callback, it calls clk_prepare(), attempting to acquire the same prepare_lock held by the first thread. This circular dependency results in a deadlock, causing kernel tasks to hang for extended periods (over 122 seconds as observed). The deadlock occurs because the runtime PM resume or suspend operations are performed while holding the clk prepare_lock, which is not designed to be released and reacquired mid-operation without risking inconsistency in the clk tree topology. The complexity of the clk tree and the global nature of the prepare_lock make it difficult to restructure the locking to avoid this deadlock without risking other issues. The vulnerability manifests as system hangs or blocked kernel tasks, impacting system availability. Although the full fix is complex, the immediate resolution involves avoiding runtime PM resume or suspend calls while holding the prepare_lock, reducing the likelihood of this deadlock. This vulnerability affects Linux kernel versions around 5.15.149 and possibly others with similar clk subsystem implementations. No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet.
Potential Impact
For European organizations relying on Linux-based systems, especially those using kernel versions affected by this vulnerability, the primary impact is on system availability and stability. Systems may experience hangs or blocked kernel tasks, leading to degraded performance or complete system unresponsiveness. This can disrupt critical services, especially in environments where Linux is used for servers, embedded devices, or infrastructure components. Industries such as telecommunications, manufacturing, finance, and public sector entities that deploy Linux in their operational technology or IT infrastructure could face operational interruptions. The deadlock could affect devices that rely heavily on runtime power management, including mobile devices, IoT gateways, and edge computing platforms. While confidentiality and integrity are not directly impacted by this vulnerability, the availability impact can lead to denial of service conditions, potentially causing downtime and associated financial and reputational damage. Given the complexity of the issue, recovery may require system reboots or kernel updates, which could be disruptive in production environments.
Mitigation Recommendations
To mitigate CVE-2024-27004, European organizations should: 1) Prioritize updating Linux kernels to versions where this vulnerability is patched or mitigated, as the Linux kernel community has addressed the deadlock by modifying runtime PM calls to avoid holding the clk prepare_lock during resume/suspend operations. 2) For systems where immediate kernel updates are not feasible, consider applying vendor-provided backported patches or workarounds that address the deadlock condition. 3) Monitor system logs for hung task warnings related to clk and runtime PM operations to detect potential deadlock occurrences early. 4) In environments with custom kernel builds or embedded Linux devices, coordinate with vendors or internal development teams to integrate the fix or implement equivalent locking changes. 5) Implement robust system monitoring and automated recovery mechanisms to detect and remediate hung tasks or system unresponsiveness caused by this deadlock. 6) Test kernel updates and patches in staging environments to ensure stability before deployment in production, as changes to power management and clock subsystems can have broad effects. 7) Review and optimize device driver interactions with the clk subsystem to minimize complex locking scenarios that could exacerbate deadlocks. These steps go beyond generic advice by focusing on kernel version management, targeted monitoring, and vendor coordination specific to this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.207Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9829c4522896dcbe3086
Added to database: 5/21/2025, 9:08:57 AM
Last enriched: 6/29/2025, 2:12:20 PM
Last updated: 7/31/2025, 7:11:44 PM
Views: 16
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.