CVE-2024-46693: Vulnerability in Linux Linux

Medium
Published: Fri Sep 13 2024 (09/13/2024, 05:29:22 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: pmic_glink: Fix race during initialization

As pointed out by Stephen Boyd it is possible that during initialization of the pmic_glink child drivers, the protection-domain notifier fires, and the associated work is scheduled, before the client registration returns and as a result the local "client" pointer has been initialized.

The outcome of this is a NULL pointer dereference as the "client" pointer is blindly dereferenced.

Timeline provided by Stephen:

    CPU0                               CPU1
    ----                               ----
    ucsi->client = NULL;
    devm_pmic_glink_register_client()
      client->pdr_notify(client->priv, pg->client_state)
        pmic_glink_ucsi_pdr_notify()
          schedule_work(&ucsi->register_work)
          <schedule away>
                                       pmic_glink_ucsi_register()
                                         ucsi_register()
                                           pmic_glink_ucsi_read_version()
                                             pmic_glink_ucsi_read()
                                               pmic_glink_ucsi_read()
                                                 pmic_glink_send(ucsi->client)
                                                 <client is NULL BAD>
    ucsi->client = client // Too late!

This code is identical across the altmode, battery manager and ucsi child drivers.

Resolve this by splitting the allocation of the "client" object and the registration thereof into two operations.

This only happens if the protection domain registry is populated at the time of registration, which by the introduction of commit '1ebcde047c54 ("soc: qcom: add pd-mapper implementation")' became much more likely.

AI-Powered Analysis

Last updated: 06/29/2025, 00:25:26 UTC

Technical Analysis

CVE-2024-46693 is a race condition vulnerability in the Linux kernel's Qualcomm PMIC (Power Management IC) Glink driver subsystem, specifically affecting the initialization sequence of pmic_glink child drivers such as altmode, battery manager, and UCSI (USB Type-C Connector System Software Interface). During the initialization of these child drivers, a protection-domain notifier can fire and schedule work before the client registration returns. The scheduled work then dereferences the driver's local "client" pointer while it is still NULL, causing a NULL pointer dereference and likely kernel crash (denial of service). The root cause is ordering: the client pointer is only assigned once the registration call returns, but the work scheduled by the notifier can use the pointer before that point.

The race only occurs if the protection domain registry is already populated at the time of registration, which became much more likely following the introduction of the 'pd-mapper' implementation. The fix involves splitting the allocation and registration of the client object into two separate operations to ensure the client pointer is valid before any notifier work is scheduled. This vulnerability affects Linux kernel versions containing the specified commit hashes and impacts systems using Qualcomm PMIC Glink drivers, which are common in embedded and mobile devices running Linux kernels with Qualcomm SoCs. There are no known exploits in the wild at this time, and no CVSS score has been assigned yet.
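The ordering problem and the two-step fix described above, modelled in user space as an added example (not kernel code and not from the original page). The names client_alloc, client_register, register_client and probe are hypothetical stand-ins, and the scheduled work is run inline to force the worst-case interleaving.

```c
/* User-space model of the init ordering (constructed; not kernel code). */
#include <stdio.h>
#include <stdlib.h>
struct client { void (*pdr_notify)(void *priv, int state); void *priv; int sent; };
struct child  { struct client *client; int null_seen; }; /* e.g. ucsi */

/* Stand-in for the scheduled register work running on the other CPU. */
static void register_work(struct child *c)
{
    if (!c->client) { c->null_seen = 1; return; } /* the kernel oopsed here */
    c->client->sent++;                            /* stands for pmic_glink_send() */
}

/* Worst-case interleaving: the work runs the moment it is scheduled. */
static void child_pdr_notify(void *priv, int state) { if (state) register_work(priv); }

/* Step 1 of the fixed flow: allocate only; no notifier can fire yet. */
static struct client *client_alloc(void (*cb)(void *, int), void *priv)
{
    struct client *cl = calloc(1, sizeof(*cl));
    if (cl) { cl->pdr_notify = cb; cl->priv = priv; }
    return cl;
}

/* Step 2: register; the protection domain is assumed to be already up. */
static void client_register(struct client *cl) { cl->pdr_notify(cl->priv, 1); }

/* Pre-fix shape: one call allocates and registers before returning. */
static struct client *register_client(void (*cb)(void *, int), void *priv)
{
    struct client *cl = client_alloc(cb, priv);
    if (cl) client_register(cl);
    return cl;
}

/* Returns 1 if the work saw a NULL client, 0 if not, -1 on alloc failure. */
int probe(int split)
{
    struct child c = { NULL, 0 };
    if (split) {
        c.client = client_alloc(child_pdr_notify, &c);    /* pointer stored first */
        if (c.client) client_register(c.client);          /* notifier fires after */
    } else {
        c.client = register_client(child_pdr_notify, &c); /* assigned too late */
    }
    int seen = c.client ? c.null_seen : -1;
    free(c.client);
    return seen;
}
int main(void) { printf("racy=%d fixed=%d\n", probe(0), probe(1)); return 0; }
```
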

Potential Impact

For European organizations, the primary impact of CVE-2024-46693 is potential denial of service (DoS) on devices running vulnerable Linux kernels with Qualcomm PMIC Glink drivers. This could affect embedded systems, IoT devices, mobile devices, and specialized industrial equipment that rely on Qualcomm SoCs and Linux kernels incorporating these drivers. Successful exploitation would cause kernel crashes due to NULL pointer dereferences, leading to system instability or downtime. Confidentiality and integrity impacts are minimal since this is a crash-inducing bug rather than an escalation or code execution vulnerability. However, availability impacts could be significant for critical infrastructure or industrial control systems using affected hardware, potentially disrupting operations. European enterprises with supply chains or products incorporating Qualcomm-based embedded Linux devices should assess their exposure. The lack of known exploits reduces immediate risk, but the vulnerability's presence in kernel code used in many devices means that attackers could develop exploits in the future, especially if devices are exposed to hostile environments or untrusted inputs triggering the notifier.

Mitigation Recommendations

1. Apply the official Linux kernel patches that address this race condition as soon as they are available from trusted sources or Linux distributions.
2. For organizations using embedded or mobile devices with Qualcomm SoCs, coordinate with device vendors or OEMs to ensure firmware and kernel updates include this fix.
3. Implement robust monitoring for kernel crashes or unexpected reboots on affected devices to detect potential exploitation attempts.
4. Limit exposure of vulnerable devices to untrusted networks or inputs that could trigger the protection-domain notifier during initialization.
5. For critical systems, consider isolating or segmenting devices running vulnerable kernels to reduce attack surface.
6. Engage with hardware and software vendors to confirm the presence or absence of this vulnerability in their products and request timely updates.
7. Maintain an inventory of devices running Linux kernels with Qualcomm PMIC Glink drivers to prioritize patching and risk assessment.
8. Employ kernel hardening techniques and runtime protections where feasible to mitigate impact of kernel crashes.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-11T15:12:18.249Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0fce

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/29/2025, 12:25:26 AM

Last updated: 8/16/2025, 2:57:00 PM
