CVE-2024-35824: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume

When not configured for wakeup lis3lv02d_i2c_suspend() will call lis3lv02d_poweroff() even if the device has already been turned off by the runtime-suspend handler and if configured for wakeup and the device is runtime-suspended at this point then it is not turned back on to serve as a wakeup source.

Before commit b1b9f7a49440 ("misc: lis3lv02d_i2c: Add missing setting of the reg_ctrl callback"), lis3lv02d_poweroff() failed to disable the regulators which as a side effect made calling poweroff() twice ok. Now that poweroff() correctly disables the regulators, doing this twice triggers a WARN() in the regulator core:

    unbalanced disables for regulator-dummy
    WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable
    ...

Fix lis3lv02d_i2c_suspend() to not call poweroff() a second time if already runtime-suspended and add a poweron() call when necessary to make wakeup work.

lis3lv02d_i2c_resume() has similar issues, with an added weirdness that it always powers on the device if it is runtime suspended, after which the first runtime-resume will call poweron() again, causing the enabled count for the regulator to increase by 1 every suspend/resume. These unbalanced regulator_enable() calls cause the regulator to never be turned off and trigger the following WARN() on driver unbind:

    WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put

Fix this by making lis3lv02d_i2c_resume() mirror the new suspend().
AI Analysis
Technical Summary
CVE-2024-35824 addresses a vulnerability in the Linux kernel's misc driver for the lis3lv02d_i2c device, which is an I2C interface for the LIS3LV02D accelerometer sensor. The issue arises from improper handling of power regulators during suspend and resume cycles. Specifically, the lis3lv02d_i2c_suspend() function may call lis3lv02d_poweroff() multiple times if the device is not configured for wakeup, even when the device has already been powered off by the runtime-suspend handler. Conversely, if the device is configured for wakeup and is runtime-suspended, it is not powered back on correctly to serve as a wakeup source. Prior to a key commit (b1b9f7a49440), the poweroff() function did not disable regulators, so multiple calls were tolerated. After the fix, poweroff() disables regulators properly, and calling it twice triggers warnings about unbalanced disables in the regulator core. Similarly, the resume function lis3lv02d_i2c_resume() incorrectly powers on the device even if it is runtime suspended, causing unbalanced regulator_enable() calls that prevent regulators from turning off and trigger warnings on driver unbind. The patch fixes these issues by ensuring suspend and resume functions correctly manage regulator enable/disable calls and power states, preventing unbalanced regulator usage and ensuring proper wakeup functionality. The vulnerability does not impact confidentiality or integrity but affects availability by potentially causing kernel warnings and improper power management, which could lead to device instability or increased power consumption. The CVSS score is 5.5 (medium severity), reflecting local attack vector, low complexity, low privileges required, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability.
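The enable-count imbalance that the description and the summary above walk through, as an added example that is not the driver's or the kernel's code: a constructed C model of one regulator's enable count, with the pre-fix and post-fix suspend/resume paths written from the description's wording. The names (run_cycles, runtime_suspended, wakeup_enabled, final_enable_count, unbalanced_disables) are hypothetical stand-ins for the kernel's pm_runtime_suspended() state and the driver's wakeup configuration; the model reproduces the two symptoms the page names, a disable arriving at count zero in the non-wakeup case and a count that grows by one per cycle in the wakeup case, and shows both vanishing once resume mirrors suspend.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not the driver's or the regulator core's code. The real
 * core keeps a use count per regulator and WARNs "unbalanced disables" when a
 * disable arrives at zero; that is all the model keeps track of. */
struct lis3_model {
	int enable_count;		/* regulator use count */
	int unbalanced_disables;	/* disables that arrived at count 0 */
	bool runtime_suspended;		/* stand-in for pm_runtime_suspended(dev) */
	bool wakeup_enabled;		/* stand-in for the driver's wakeup configuration */
};

static void poweron(struct lis3_model *d) { d->enable_count++; }	/* regulator_enable() */

static void poweroff(struct lis3_model *d)	/* regulator_disable() */
{
	if (d->enable_count == 0) {		/* the "unbalanced disables" WARN() case */
		d->unbalanced_disables++;
		return;
	}
	d->enable_count--;
}

/* Runtime PM powers the device off when idle and back on when it is used. */
static void runtime_suspend(struct lis3_model *d)
{
	if (!d->runtime_suspended) { poweroff(d); d->runtime_suspended = true; }
}

static void runtime_resume(struct lis3_model *d)
{
	if (d->runtime_suspended) { poweron(d); d->runtime_suspended = false; }
}

/* Pre-fix paths as the description states them: suspend powers off whenever
 * the device is not a wakeup source, even if runtime PM already did; resume
 * always powers on but leaves the device marked runtime-suspended, so the
 * next runtime resume powers on a second time. */
static void buggy_suspend(struct lis3_model *d) { if (!d->wakeup_enabled) poweroff(d); }
static void buggy_resume(struct lis3_model *d) { poweron(d); }

/* Post-fix paths as the description states them: skip what runtime PM already
 * did, power on a runtime-suspended device only so it can serve as a wakeup
 * source, and let resume mirror suspend. */
static void fixed_suspend(struct lis3_model *d)
{
	if (d->wakeup_enabled) { if (d->runtime_suspended) poweron(d); }
	else if (!d->runtime_suspended) poweroff(d);
}

static void fixed_resume(struct lis3_model *d)
{
	if (d->wakeup_enabled) { if (d->runtime_suspended) poweroff(d); }
	else if (!d->runtime_suspended) poweron(d);
}

/* Probe, let the device go idle, then run n system suspend/resume cycles, each
 * followed by one use of the sensor and a return to idle. A balanced driver
 * leaves the enable count at 0 once the device is idle again. */
static struct lis3_model run_cycles(bool wakeup, bool fixed, int n)
{
	struct lis3_model d = { .wakeup_enabled = wakeup };

	poweron(&d);		/* probe */
	runtime_suspend(&d);	/* idle before the first system suspend */
	for (int i = 0; i < n; i++) {
		if (fixed) { fixed_suspend(&d); fixed_resume(&d); }
		else       { buggy_suspend(&d); buggy_resume(&d); }
		runtime_resume(&d);
		runtime_suspend(&d);
	}
	return d;
}

int final_enable_count(bool wakeup, bool fixed, int n)
{
	return run_cycles(wakeup, fixed, n).enable_count;
}

int unbalanced_disables(bool wakeup, bool fixed, int n)
{
	return run_cycles(wakeup, fixed, n).unbalanced_disables;
}

int main(void)
{
	for (int fixed = 0; fixed < 2; fixed++)
		for (int wakeup = 0; wakeup < 2; wakeup++)
			printf("%s %-10s: enable_count=%d unbalanced_disables=%d\n",
			       fixed ? "fixed" : "buggy", wakeup ? "wakeup" : "non-wakeup",
			       final_enable_count(wakeup, fixed, 3),
			       unbalanced_disables(wakeup, fixed, 3));
	return 0;
}
```

With the pre-fix paths the non-wakeup device takes one disable at count zero on the first suspend and is then left one enable high, while the wakeup device gains one enable per cycle, which is why the page sees the _regulator_put warning only at unbind: the leaked enables are never released. The post-fix paths return to zero in both configurations.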
Potential Impact
For European organizations, the impact of this vulnerability is primarily on systems running Linux kernels with the affected lis3lv02d_i2c driver, which is typically embedded in devices using the LIS3LV02D accelerometer sensor. This includes certain industrial control systems, IoT devices, and embedded platforms common in manufacturing, automotive, and consumer electronics sectors. The vulnerability can cause kernel warnings and improper power management during suspend/resume cycles, potentially leading to device instability, increased power consumption, or failure to wake from suspend states properly. While this does not directly compromise data confidentiality or integrity, it can degrade system reliability and availability, which is critical for industrial automation and embedded systems in European manufacturing and infrastructure. Organizations relying on Linux-based embedded devices with this sensor should be aware of potential operational disruptions and increased maintenance overhead. The absence of known exploits in the wild reduces immediate risk, but unpatched systems remain vulnerable to stability issues.
Mitigation Recommendations
European organizations should apply the Linux kernel patches that fix this issue as soon as possible, ensuring their kernel versions include the commit b1b9f7a49440 or later. Specifically, they should:
1) Audit embedded and IoT devices using the lis3lv02d_i2c driver to identify affected systems.
2) Update Linux kernel versions on these devices to incorporate the fix that corrects regulator enable/disable handling during suspend/resume.
3) Test suspend/resume cycles post-patch to verify that wakeup functionality and power management operate correctly without kernel warnings.
4) For devices where kernel updates are not feasible, consider workarounds such as disabling suspend states or wakeup configurations for the lis3lv02d_i2c device to avoid triggering the bug.
5) Monitor system logs for regulator warnings that indicate unbalanced regulator calls, which can signal vulnerable or unpatched devices.
6) Coordinate with device vendors to obtain updated firmware or kernel versions addressing this issue.
These steps go beyond generic advice by focusing on embedded device inventory, kernel patch management, and operational validation specific to the lis3lv02d_i2c driver and regulator subsystem.
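Step 5 above, monitoring kernel logs for the regulator warnings, as an added example that is not part of this advisory or of the kernel: a small C classifier for kernel log lines that recognises the two WARN() sites quoted in the description (_regulator_disable at drivers/regulator/core.c:2999 for the double poweroff on suspend, _regulator_put at core.c:2396 for a regulator still enabled at driver unbind) and the "unbalanced disables" message that accompanies the first. The sample lines are constructed in dmesg format; their timestamps and the +0x offsets are made up, the CPU, PID and core.c line numbers are the ones printed on this page, and the function names (classify_regulator_line, scan_regulator_lines, scan_sample) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Kinds of regulator-core log lines this CVE produces. */
enum reg_warn {
	REG_WARN_NONE = 0,
	REG_WARN_DISABLE_MSG,	/* "unbalanced disables for regulator-..." text line */
	REG_WARN_DISABLE_SITE,	/* WARNING at _regulator_disable: double poweroff on suspend */
	REG_WARN_PUT_SITE,	/* WARNING at _regulator_put: still enabled at driver unbind */
	REG_WARN_KINDS
};

/* Match on the function name rather than the core.c line number, since the
 * line number shifts between kernel builds while the WARN() site does not. */
enum reg_warn classify_regulator_line(const char *line)
{
	if (strstr(line, "unbalanced disables for regulator"))
		return REG_WARN_DISABLE_MSG;
	if (strstr(line, "WARNING:") && strstr(line, "drivers/regulator/core.c")) {
		if (strstr(line, "_regulator_disable"))
			return REG_WARN_DISABLE_SITE;
		if (strstr(line, "_regulator_put"))
			return REG_WARN_PUT_SITE;
	}
	return REG_WARN_NONE;
}

/* Tally each kind over a set of lines. Returns the number of WARN() events
 * (site hits); the "unbalanced disables" text accompanies a site hit, so it
 * is reported but not counted as a separate event. */
int scan_regulator_lines(const char *const *lines, size_t n, int counts[REG_WARN_KINDS])
{
	memset(counts, 0, sizeof(int) * REG_WARN_KINDS);
	for (size_t i = 0; i < n; i++)
		counts[classify_regulator_line(lines[i])]++;
	return counts[REG_WARN_DISABLE_SITE] + counts[REG_WARN_PUT_SITE];
}

/* Constructed sample in dmesg format, modelled on the two WARNING lines quoted
 * in the description; timestamps and +0x offsets are made up. */
static const char *const sample_lines[] = {
	"[    5.120000] usb 1-1: new high-speed USB device number 2 using xhci_hcd",
	"[   12.345678] unbalanced disables for regulator-dummy",
	"[   12.345690] WARNING: CPU: 1 PID: 92 at drivers/regulator/core.c:2999 _regulator_disable+0x1a0/0x1c0",
	"[   12.345700] Modules linked in: lis3lv02d_i2c lis3lv02d",
	"[ 4012.001000] WARNING: CPU: 1 PID: 1724 at drivers/regulator/core.c:2396 _regulator_put+0x120/0x130",
};

/* Number of regulator WARN() events in the constructed sample. */
int scan_sample(void)
{
	int counts[REG_WARN_KINDS];
	return scan_regulator_lines(sample_lines, sizeof sample_lines / sizeof *sample_lines, counts);
}

int main(void)
{
	int counts[REG_WARN_KINDS];
	int events = scan_regulator_lines(sample_lines, sizeof sample_lines / sizeof *sample_lines, counts);

	printf("regulator WARN() events: %d (disable sites: %d, put sites: %d, unbalanced-disable messages: %d)\n",
	       events, counts[REG_WARN_DISABLE_SITE], counts[REG_WARN_PUT_SITE], counts[REG_WARN_DISABLE_MSG]);
	return events ? 1 : 0;	/* non-zero exit when the pre-fix behaviour is present */
}
```

The classifier can be fed lines from the live kernel log instead of the embedded sample. A _regulator_disable hit after a suspend/resume cycle on a device with the lis3lv02d_i2c module loaded is the signature of the pre-fix suspend path; a _regulator_put hit at unbind is the signature of the enables leaked by the pre-fix resume path. When verifying a kernel, note that the description names b1b9f7a49440 as the commit after which the double poweroff began to WARN, not as the fix, so confirm that the corrected suspend/resume handling itself is present rather than that commit alone.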
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T12:19:12.346Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d982ac4522896dcbe357d
Added to database: 5/21/2025, 9:08:58 AM
Last enriched: 6/29/2025, 4:12:31 PM
Last updated: 7/30/2025, 7:33:08 PM
Related Threats
- CVE-2025-9091: Hard-coded Credentials in Tenda AC20 (Low)
- CVE-2025-9090: Command Injection in Tenda AC20 (Medium)
- CVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 (Low)
- CVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20 (High)
- CVE-2025-9088: Stack-based Buffer Overflow in Tenda AC20 (High)