CVE-2024-53053: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

scsi: ufs: core: Fix another deadlock during RTC update

If ufshcd_rtc_work calls ufshcd_rpm_put_sync() and the pm's usage_count is 0, we will enter the runtime suspend callback. However, the runtime suspend callback will wait to flush ufshcd_rtc_work, causing a deadlock. Replace ufshcd_rpm_put_sync() with ufshcd_rpm_put() to avoid the deadlock.
AI Analysis
Technical Summary
CVE-2024-53053 is a vulnerability in the Linux kernel's SCSI UFS (Universal Flash Storage) core subsystem. The issue is a deadlock during the Real-Time Clock (RTC) update that the driver periodically sends to the device. The root cause is an unsafe interaction between the ufshcd_rtc_work work item and the runtime power management (PM) callbacks. When ufshcd_rtc_work calls ufshcd_rpm_put_sync() while the PM usage_count drops to zero, the runtime suspend callback runs synchronously, in the context of the work item itself. That callback in turn flushes ufshcd_rtc_work, i.e. waits for the very work item that is executing it to finish, so neither side can make progress and the system deadlocks. The fix replaces the synchronous ufshcd_rpm_put_sync() with ufshcd_rpm_put(), which only drops the reference and lets the suspend run later, outside the work item, so the flush no longer waits on itself. The vulnerability affects specific Linux kernel versions identified by their commit hashes and impacts systems using the UFS storage interface. Since UFS is commonly used in embedded systems and mobile devices running Linux, the vulnerability could affect a range of devices relying on this storage technology. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet.
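The self-wait described above can be shown in a small single-threaded model. The following is an added example, not kernel code and not the advisory's own material: the names rtc_work, rpm_put_sync, rpm_put, runtime_suspend and flush_work are assumed stand-ins for the kernel entities in the description, and flush_work() here reports a wait on the currently running work item instead of blocking forever, so the deadlock shows up as a count rather than a hang.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the CVE-2024-53053 interaction. All names are
 * stand-ins for the kernel's ufshcd_rtc_work, ufshcd_rpm_put_sync(),
 * ufshcd_rpm_put() and the UFS runtime suspend callback. */

typedef void (*work_fn)(void);

struct work {
    work_fn fn;
    bool pending;   /* queued but not yet executed */
    bool running;   /* fn is currently executing */
};

struct rpm_dev {
    int usage_count;        /* runtime PM reference count */
    bool suspended;
    bool suspend_pending;   /* set by the asynchronous put */
    struct work *rtc_work;
};

static struct work rtc_work;
static struct rpm_dev dev;
static int deadlocks_detected;
static bool use_sync_put;

/* Wait for a work item to finish. A real flush from inside the item that
 * is currently running us would block forever; this model counts it. */
static int flush_work(struct work *w)
{
    if (w->running) {
        deadlocks_detected++;
        return -1;
    }
    if (w->pending) {
        w->pending = false;
        w->running = true;
        w->fn();
        w->running = false;
    }
    return 0;
}

/* The driver's runtime suspend callback flushes the RTC work first. */
static int runtime_suspend(struct rpm_dev *d)
{
    if (flush_work(d->rtc_work) != 0)
        return -1;
    d->suspended = true;
    return 0;
}

static void rpm_get_sync(struct rpm_dev *d)
{
    d->usage_count++;
    d->suspended = false;
}

/* Vulnerable variant: when the count hits 0, suspend runs right here,
 * in the caller's context (the work item). */
static int rpm_put_sync(struct rpm_dev *d)
{
    if (--d->usage_count == 0)
        return runtime_suspend(d);
    return 0;
}

/* Fixed variant: only request suspend; it runs later, outside the caller. */
static void rpm_put(struct rpm_dev *d)
{
    if (--d->usage_count == 0)
        d->suspend_pending = true;
}

/* Stand-in for the PM core later acting on the deferred request. */
static void run_pending_suspend(struct rpm_dev *d)
{
    if (d->suspend_pending) {
        d->suspend_pending = false;
        runtime_suspend(d);
    }
}

/* Body of the RTC update work item. */
static void rtc_work_fn(void)
{
    rpm_get_sync(&dev);
    /* ... the RTC update would be issued to the device here ... */
    if (use_sync_put)
        rpm_put_sync(&dev);
    else
        rpm_put(&dev);
}

/* One RTC work execution starting from usage_count 0; returns the number
 * of self-flush deadlocks detected (1 with put_sync, 0 with put). */
int simulate(bool sync_put)
{
    rtc_work.fn = rtc_work_fn; rtc_work.pending = true; rtc_work.running = false;
    dev.usage_count = 0; dev.suspended = false; dev.suspend_pending = false;
    dev.rtc_work = &rtc_work;
    deadlocks_detected = 0;
    use_sync_put = sync_put;

    flush_work(&rtc_work);      /* the workqueue runs the queued item */
    run_pending_suspend(&dev);  /* later: deferred suspend, if requested */
    return deadlocks_detected;
}

bool device_suspended(void) { return dev.suspended; }

int main(void)
{
    int d = simulate(true);
    printf("put_sync: deadlocks=%d suspended=%d\n", d, device_suspended());
    d = simulate(false);
    printf("put:      deadlocks=%d suspended=%d\n", d, device_suspended());
    return 0;
}
```

With the synchronous put the suspend callback is entered while rtc_work is still marked running, so its flush waits on itself and the device never reaches the suspended state; with the deferred put the work item completes first and the later suspend flushes an idle item and succeeds.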
Potential Impact
The primary impact of CVE-2024-53053 is a potential denial of service (DoS) condition due to a deadlock in the kernel's UFS driver. This deadlock can cause the affected system to hang or become unresponsive, impacting availability. For European organizations, especially those operating infrastructure or embedded devices running Linux with UFS storage (such as telecommunications equipment, industrial control systems, or mobile devices), this could lead to service interruptions or operational downtime. While the vulnerability does not directly expose confidentiality or integrity risks, the availability impact can be significant in critical environments. Systems that rely on real-time or continuous operation could be particularly vulnerable to disruptions caused by this deadlock. Given the lack of known exploits, the immediate risk is moderate, but unpatched systems remain susceptible to potential exploitation if attackers develop techniques to trigger the deadlock deliberately.
Mitigation Recommendations
To mitigate CVE-2024-53053, organizations should promptly apply the official Linux kernel patches that replace ufshcd_rpm_put_sync() with ufshcd_rpm_put() in the UFS driver code. Since this is a kernel-level fix, updating to the latest stable Linux kernel version containing the patch is essential. For environments where immediate kernel upgrades are challenging, consider isolating or limiting the use of UFS storage devices or disabling runtime power management features related to UFS if feasible, to reduce the risk of triggering the deadlock. Additionally, monitoring system logs for signs of kernel hangs or deadlocks related to UFS operations can help detect attempts to exploit this vulnerability. Organizations should also ensure robust backup and recovery procedures are in place to minimize downtime impact. Coordination with hardware vendors to confirm firmware compatibility with updated kernels is recommended to avoid regressions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-11-19T17:17:24.974Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9824c4522896dcbdf852
Added to database: 5/21/2025, 9:08:52 AM
Last enriched: 6/28/2025, 2:25:18 PM
Last updated: 8/15/2025, 10:31:46 PM
Views: 12
Related Threats
- CVE-2025-8878 (Medium): CWE-94 Improper Control of Generation of Code ('Code Injection') in properfraction Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress
- CVE-2025-8143 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pencidesign Soledad
- CVE-2025-8142 (High): CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in pencidesign Soledad
- CVE-2025-8105 (High): CWE-94 Improper Control of Generation of Code ('Code Injection') in pencidesign Soledad
- CVE-2025-8719 (Medium): CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in reubenthiessen Translate This gTranslate Shortcode