CVE-2024-46846: Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved:

spi: rockchip: Resolve unbalanced runtime PM / system PM handling

Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system. This causes problems when the device is already runtime suspended when we go to sleep -- in which case we double-disable clocks and produce a WARNing.

Switch back to pm_runtime_force_{suspend,resume}(), because that still seems like the right thing to do, and the aforementioned commit makes no explanation why it stopped using it.

Also, refactor some of the resume() error handling, because it's not actually a good idea to re-disable clocks on failure.
AI Analysis
Technical Summary
CVE-2024-46846 addresses a vulnerability in the Linux kernel specifically related to the SPI (Serial Peripheral Interface) driver for Rockchip devices. The issue stems from improper handling of power management states during system suspend and resume operations. A commit (e882575efc77) intended to improve system suspend behavior disabled clocks unconditionally without considering the runtime power management (PM) status. This led to a scenario where if the device was already runtime suspended before system suspend, clocks would be disabled twice, causing kernel warnings and potentially unstable device behavior. The fix involves reverting to the use of pm_runtime_force_suspend and pm_runtime_force_resume functions, which properly respect runtime PM states, and refactoring error handling during resume to avoid re-disabling clocks on failure. This vulnerability is primarily a logic flaw in power management state transitions in the Linux kernel's Rockchip SPI driver, which could cause system instability or unexpected warnings during suspend/resume cycles. There is no evidence of active exploitation in the wild, and the vulnerability does not appear to allow privilege escalation or direct code execution but may affect system reliability and device availability on affected hardware.
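The interaction the commit message describes is easiest to see with the enable counting spelled out. The following is an added user-space model written for this page; it is not kernel code and not the Rockchip driver. It mimics the bookkeeping the kernel's clock framework and runtime PM core perform (an enable count per clock, a WARN when a clock with count zero is disabled, and a runtime-suspended flag per device) so that the unconditional system-suspend path can be compared with the pm_runtime_force_suspend()/pm_runtime_force_resume() pattern the fix returns to. The clock names, the `run_cycle` helper and the struct layout are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy clock (constructed for this example): mirrors the enable counting
 * of the kernel clk framework. Disabling at count zero is the condition
 * that produces the WARNing referred to in the commit message. */
struct clk {
    const char *name;
    int enable_count;
    int warn_count;
};

/* Toy device (constructed): two clocks plus the runtime PM status,
 * modelled as a plain flag instead of the kernel's RPM_* states. */
struct spi_dev {
    struct clk spiclk;
    struct clk apb_pclk;
    bool runtime_suspended;
};

static void clk_enable(struct clk *c) { c->enable_count++; }

static void clk_disable(struct clk *c)
{
    if (c->enable_count == 0) {
        c->warn_count++;           /* the kernel would WARN_ON here */
        printf("WARNING: %s: unbalanced clk_disable\n", c->name);
        return;
    }
    c->enable_count--;
}

static void dev_init(struct spi_dev *d)
{
    d->spiclk = (struct clk){ "spiclk", 0, 0 };
    d->apb_pclk = (struct clk){ "apb_pclk", 0, 0 };
    d->runtime_suspended = false;
    clk_enable(&d->apb_pclk);
    clk_enable(&d->spiclk);
}

/* Driver runtime PM callbacks: the one place clocks are gated/ungated. */
static void rk_runtime_suspend(struct spi_dev *d)
{
    clk_disable(&d->spiclk);
    clk_disable(&d->apb_pclk);
    d->runtime_suspended = true;
}

static void rk_runtime_resume(struct spi_dev *d)
{
    clk_enable(&d->apb_pclk);
    clk_enable(&d->spiclk);
    d->runtime_suspended = false;
}

/* Unbalanced variant: system suspend gates the clocks without asking
 * whether runtime PM already did, as the commit message describes. */
static void system_suspend_unconditional(struct spi_dev *d)
{
    clk_disable(&d->spiclk);
    clk_disable(&d->apb_pclk);
}

static void system_resume_unconditional(struct spi_dev *d)
{
    clk_enable(&d->apb_pclk);
    clk_enable(&d->spiclk);
}

/* Balanced variant, modelling pm_runtime_force_suspend()/_resume():
 * the runtime callback runs only if the device is active, and resume
 * only undoes what suspend actually did. */
static bool system_suspend_forced(struct spi_dev *d)
{
    if (d->runtime_suspended)
        return false;               /* already gated: nothing to do */
    rk_runtime_suspend(d);
    return true;
}

static void system_resume_forced(struct spi_dev *d, bool was_forced)
{
    if (was_forced)
        rk_runtime_resume(d);
}

/* One sleep/wake cycle: how many WARNs fired, and did the enable counts
 * return to their pre-sleep value? */
struct cycle_result { int warnings; bool balanced; };

static struct cycle_result run_cycle(bool idle_before_sleep, bool use_force)
{
    struct spi_dev d;
    struct cycle_result r;
    dev_init(&d);
    if (idle_before_sleep)
        rk_runtime_suspend(&d);     /* autosuspend already gated clocks */
    int expected = idle_before_sleep ? 0 : 1;

    if (use_force) {
        bool f = system_suspend_forced(&d);
        system_resume_forced(&d, f);
    } else {
        system_suspend_unconditional(&d);
        system_resume_unconditional(&d);
    }
    r.warnings = d.spiclk.warn_count + d.apb_pclk.warn_count;
    r.balanced = d.spiclk.enable_count == expected &&
                 d.apb_pclk.enable_count == expected;
    return r;
}

int main(void)
{
    struct cycle_result bad = run_cycle(true, false);
    struct cycle_result good = run_cycle(true, true);
    printf("unconditional: %d warnings, balanced=%d\n", bad.warnings, bad.balanced);
    printf("forced:        %d warnings, balanced=%d\n", good.warnings, good.balanced);
    return 0;
}
```

Running the model with the device already runtime suspended reproduces the failure mode: the unconditional path fires two WARNs and, after resume, leaves both clocks running while the device still believes it is runtime suspended, which is exactly the kind of state mismatch that shows up as instability across later suspend/resume cycles. The forced path skips the already-gated device and stays balanced in both the idle and active cases.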
Potential Impact
For European organizations, the impact of this vulnerability is mainly related to system stability and availability, particularly for embedded systems, IoT devices, or industrial equipment using Rockchip SoCs running Linux kernels with the affected SPI driver versions. Such devices are common in sectors like manufacturing, telecommunications, and smart infrastructure. Unstable suspend/resume behavior could lead to device malfunctions, increased maintenance costs, and potential downtime. While this vulnerability does not directly compromise confidentiality or integrity, the resulting system warnings and possible device unavailability could disrupt critical operations. Organizations relying on embedded Linux systems with Rockchip hardware should be aware of potential operational impacts, especially in environments where power management and device uptime are crucial. The absence of known exploits reduces immediate risk, but unpatched systems remain vulnerable to stability issues.
Mitigation Recommendations
Organizations should promptly apply the Linux kernel patches that address this issue by reverting to the correct runtime PM handling in the Rockchip SPI driver. Specifically, updating to kernel versions that include the fix for CVE-2024-46846 is essential. For embedded device manufacturers and system integrators, rebuilding and redeploying firmware with the patched kernel is recommended. Additionally, thorough testing of suspend/resume cycles should be conducted post-patch to ensure stability. Monitoring system logs for WARN messages related to clock management can help detect unpatched systems. Where immediate patching is not feasible, temporarily disabling system suspend features or runtime PM for the affected SPI devices may mitigate the risk of double clock disabling, though this can increase power consumption. Maintaining an inventory of devices using Rockchip SoCs and tracking kernel versions deployed will aid in targeted remediation efforts.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-11T15:12:18.289Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe02fa
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 6:41:17 PM
Last updated: 8/13/2025, 6:25:00 AM