
CVE-2024-53152: Vulnerability in Linux (Linux kernel)

Medium
Published: Tue Dec 24 2024 (12/24/2024, 11:28:51 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()

Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and the EPF deinit notify function pci_epc_deinit_notify() are called during the execution of pex_ep_event_pex_rst_assert(), i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the tegra194 endpoint SoCs supported as of now depend on the refclk from the host to keep the controller operational. Due to this limitation, any access to the hardware registers in the absence of refclk will result in a whole-endpoint crash.

Unfortunately, most of the controller cleanups require accessing the hardware registers (like the eDMA cleanup performed in dw_pcie_ep_cleanup(), etc.). So these cleanup functions can crash the endpoint SoC once the host asserts PERST#.

One way to address this issue is by generating the refclk in the endpoint itself and not depending on the host. But that is not always possible, as some endpoint designs do require the endpoint to consume refclk from the host.

Thus, fix this crash by moving the controller cleanups to the start of the pex_ep_event_pex_rst_deassert() function. This function is called whenever the host has deasserted PERST#, and it is guaranteed that the refclk will be active at this point. So at the start of this function (after enabling resources), the controller cleanup can be performed. Once finished, the rest of the code execution for PERST# deassert can continue as usual.

AI-Powered Analysis

Last updated: 06/28/2025, 10:10:55 UTC

Technical Analysis

CVE-2024-53152 is a vulnerability in the Linux kernel that specifically affects the PCIe endpoint controller driver for the NVIDIA Tegra194 SoC. The root cause is the timing and ordering of controller cleanup operations during the PCIe reset sequence. In the affected code, the cleanup functions dw_pcie_ep_cleanup() and pci_epc_deinit_notify() are invoked while the host asserts the PCIe reset signal (PERST#). Shortly after this assertion, however, the host disables the reference clock (refclk) that the Tegra194 endpoint depends on to keep the PCIe controller operational. Because the cleanup functions access hardware registers, and those registers are inaccessible without refclk, running them during reset assertion crashes the endpoint SoC. The defect exists because the endpoint design depends on the host-provided refclk, and the cleanup is performed prematurely, at a point where the clock may already be gone. The fix defers the controller cleanup to the start of the PCIe reset deassertion handler (pex_ep_event_pex_rst_deassert()), which runs only once the host has deasserted PERST# and refclk is guaranteed to be active again. By moving the cleanup to this later stage, the kernel never touches hardware registers without a valid clock, preventing the endpoint crash. This vulnerability is specific to Tegra194-based endpoints and their PCIe controller handling within the Linux kernel. It does not affect all Linux systems, only embedded or specialized devices using this SoC with an affected kernel version. No known exploits are reported in the wild as of now, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, the impact of this vulnerability depends largely on the deployment of Tegra194-based embedded systems running Linux kernels with the affected PCIe controller code. Such devices may be found in industrial control systems, automotive infotainment, robotics, or specialized networking equipment. A crash of the endpoint SoC due to this vulnerability could lead to denial of service conditions, causing system instability or downtime. This could disrupt critical operations in manufacturing plants, transportation systems, or other infrastructure relying on these embedded devices. While the vulnerability does not directly lead to privilege escalation or data breach, the availability impact could be significant in environments where uptime and reliability are critical. Furthermore, recovery from such crashes may require manual intervention or system reboot, increasing operational costs and risk of cascading failures. Since the vulnerability requires the host to assert PERST# and disable refclk, exploitation is limited to scenarios where the host initiates PCIe reset sequences, which may be triggered during system updates or hardware resets. The absence of known exploits reduces immediate risk, but organizations using affected Tegra194 devices should prioritize patching to prevent potential denial of service incidents.

Mitigation Recommendations

1. Apply the official Linux kernel patch that moves the PCIe controller cleanup functions to the reset deassertion phase as described in the fix for CVE-2024-53152. This is the definitive solution to prevent endpoint crashes.
2. Identify and inventory all devices running Tegra194 SoCs or similar endpoint hardware that rely on host-provided refclk for PCIe operation.
3. For embedded systems where kernel updates are challenging, consider isolating or controlling PCIe reset signals from the host to avoid triggering the vulnerable cleanup sequence.
4. Monitor system logs and hardware status for signs of unexpected PCIe endpoint crashes or resets, which could indicate attempts to exploit this vulnerability.
5. Coordinate with device vendors and embedded system integrators to ensure firmware and kernel versions include this fix.
6. Implement robust recovery procedures to minimize downtime if endpoint crashes occur, including automated reboot scripts and alerting mechanisms.
7. Where possible, evaluate hardware designs to generate refclk internally on the endpoint to reduce dependency on host clocks, mitigating similar issues in future designs.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-11-19T17:17:25.000Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9823c4522896dcbded68

Added to database: 5/21/2025, 9:08:51 AM

Last enriched: 6/28/2025, 10:10:55 AM

Last updated: 8/12/2025, 9:14:26 PM

