CVE-2024-45029: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

i2c: tegra: Do not mark ACPI devices as irq safe

On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug:

    BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
    ...

    Call trace:
    __might_sleep
    __mutex_lock_common
    mutex_lock_nested
    acpi_subsys_runtime_resume
    rpm_resume
    tegra_i2c_xfer

The problem arises because during __pm_runtime_resume(), the spinlock &dev->power.lock is acquired before rpm_resume() is called. Later, rpm_resume() invokes acpi_subsys_runtime_resume(), which relies on mutexes, triggering the error.

To address this issue, devices on ACPI are now marked as not IRQ-safe, considering the dependency of acpi_subsys_runtime_resume() on mutexes.
AI Analysis
Technical Summary
CVE-2024-45029 is a Linux kernel vulnerability affecting the tegra i2c module on ACPI-enabled machines. The root cause is improper locking during runtime power management resume: a mutex lock is attempted in spinlock context, which is invalid in kernel code and produces the BUG message "sleeping function called from invalid context."

During __pm_runtime_resume(), the spinlock dev->power.lock is acquired before rpm_resume() is called. rpm_resume() then calls acpi_subsys_runtime_resume(), which internally uses mutexes. Acquiring a mutex may sleep, and code holding a spinlock must not sleep, so the call violates the kernel's locking rules. The fix marks devices on ACPI as not IRQ-safe to prevent this unsafe locking sequence, acknowledging that acpi_subsys_runtime_resume() depends on mutexes and cannot safely be called under spinlock protection.

This is a kernel-level defect that can cause system instability or kernel panics when the affected code path is executed, particularly during power management resume cycles on ACPI machines using the tegra i2c driver. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-45029 primarily concerns system stability and availability rather than direct confidentiality or integrity breaches. Systems running Linux kernels with the affected tegra i2c module on ACPI hardware platforms may experience kernel panics or crashes during power management resume operations, potentially leading to unexpected downtime or service interruptions. This is particularly relevant for embedded systems, IoT devices, or specialized hardware using Nvidia Tegra SoCs running Linux with ACPI support. Organizations relying on such devices for critical infrastructure, industrial control, or edge computing could face operational disruptions. While no direct remote code execution or privilege escalation is indicated, the denial-of-service-like effect from kernel crashes can impact availability of services. European enterprises with Linux-based infrastructure that includes Tegra hardware or ACPI-enabled devices should be aware of this vulnerability to avoid unexpected system failures. The absence of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to maintain system reliability.
Mitigation Recommendations
To mitigate CVE-2024-45029, organizations should apply the latest Linux kernel patches that include the fix marking ACPI devices as not IRQ-safe in the tegra i2c driver. Since this is a kernel-level issue, updating to a patched kernel version is the most effective and recommended approach. For environments where immediate patching is not feasible, consider the following additional steps:

1) Avoid using runtime power management features on affected devices if possible, to prevent triggering the problematic code path.
2) Monitor system logs for kernel BUG messages related to mutex and spinlock misuse, which can indicate attempts to trigger the vulnerability.
3) Test kernel updates in staging environments to ensure compatibility and stability before deployment.
4) For embedded or IoT devices, coordinate with hardware vendors or Linux distribution maintainers to obtain timely kernel updates.
5) Implement robust system monitoring and automated reboot mechanisms to minimize downtime in case of kernel panics.

These targeted mitigations go beyond generic advice by focusing on the specific driver and power management context involved.
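The log-monitoring step above can be made specific to this bug. The following is an added example, not code from the advisory or the kernel project: it scans kernel log text (dmesg or journald output) for the BUG message and flags only reports whose call trace contains the frames the description lists. The function name `find_reports`, the result fields and the sample log are constructed for illustration.

```python
import re

# Frames the advisory's call trace names for this bug (taken from the page).
SIGNATURE = ("acpi_subsys_runtime_resume", "rpm_resume", "tegra_i2c_xfer")
BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
# Strip an optional journald/syslog "host kernel: " prefix and dmesg "[  12.345678] ".
PREFIX_RE = re.compile(r"^(?:.*?kernel: )?(?:\[\s*\d+\.\d+\]\s?)?")
# A stack frame line: leading space, optional "? ", symbol, optional +0xoff/0xlen.
FRAME_RE = re.compile(r"^\s+(?:\?\s+)?([A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?")

def find_reports(log_text, max_lines=60):
    """Return one dict per sleeping-in-atomic BUG report found in kernel log text."""
    lines = [PREFIX_RE.sub("", raw, count=1) for raw in log_text.splitlines()]
    reports = []
    for i, line in enumerate(lines):
        bug = BUG_RE.search(line)
        if not bug:
            continue
        frames, in_trace = [], False
        for follow in lines[i + 1 : i + 1 + max_lines]:
            if BUG_RE.search(follow):
                break                      # next report starts here
            if follow.strip().lower().startswith("call trace"):
                in_trace = True
            elif in_trace:
                frame = FRAME_RE.match(follow)
                if not frame:
                    break                  # first non-frame line ends the trace
                frames.append(frame.group(1))
        reports.append({"at": bug.group(1), "frames": frames,
                        "matches_cve": all(f in frames for f in SIGNATURE)})
    return reports

# Constructed sample: timestamps, offsets, pid and the second report are invented.
SAMPLE_LOG = """\
[   41.100000] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[   41.100010] in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 712, name: demo
[   41.100020] Call trace:
[   41.100030]  __might_sleep+0x50/0x88
[   41.100040]  __mutex_lock_common+0x60/0x7c0
[   41.100050]  mutex_lock_nested+0x28/0x38
[   41.100060]  acpi_subsys_runtime_resume+0x30/0x60
[   41.100070]  rpm_resume+0x2d0/0x6e0
[   41.100080]  tegra_i2c_xfer+0x5c/0x200
[   41.100090] i2c i2c-0: constructed trailing line
[   97.500000] BUG: sleeping function called from invalid context at drivers/example/demo.c:42
[   97.500010] Call trace:
[   97.500020]  __might_sleep+0x50/0x88
[   97.500030]  example_irq_handler+0x20/0x40
"""
```

Feed it the output of `dmesg` or `journalctl -k` and alert on entries where `matches_cve` is true; other sleeping-in-atomic reports are returned but not attributed to this CVE.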
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-08-21T05:34:56.685Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0f3b
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/29/2025, 12:09:37 AM
Last updated: 8/6/2025, 10:55:09 PM