CVE-2024-56618: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

pmdomain: imx: gpcv2: Adjust delay after power up handshake

The udelay(5) is not enough, sometimes below kernel panic still be triggered:

[ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt
[ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1
[ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT)
[ 4.012985] Call trace:
[...]
[ 4.013029] arm64_serror_panic+0x64/0x70
[ 4.013034] do_serror+0x3c/0x70
[ 4.013039] el1h_64_error_handler+0x30/0x54
[ 4.013046] el1h_64_error+0x64/0x68
[ 4.013050] clk_imx8mp_audiomix_runtime_resume+0x38/0x48
[ 4.013059] __genpd_runtime_resume+0x30/0x80
[ 4.013066] genpd_runtime_resume+0x114/0x29c
[ 4.013073] __rpm_callback+0x48/0x1e0
[ 4.013079] rpm_callback+0x68/0x80
[ 4.013084] rpm_resume+0x3bc/0x6a0
[ 4.013089] __pm_runtime_resume+0x50/0x9c
[ 4.013095] pm_runtime_get_suppliers+0x60/0x8c
[ 4.013101] __driver_probe_device+0x4c/0x14c
[ 4.013108] driver_probe_device+0x3c/0x120
[ 4.013114] __driver_attach+0xc4/0x200
[ 4.013119] bus_for_each_dev+0x7c/0xe0
[ 4.013125] driver_attach+0x24/0x30
[ 4.013130] bus_add_driver+0x110/0x240
[ 4.013135] driver_register+0x68/0x124
[ 4.013142] __platform_driver_register+0x24/0x30
[ 4.013149] sdma_driver_init+0x20/0x1000 [imx_sdma]
[ 4.013163] do_one_initcall+0x60/0x1e0
[ 4.013168] do_init_module+0x5c/0x21c
[ 4.013175] load_module+0x1a98/0x205c
[ 4.013181] init_module_from_file+0x88/0xd4
[ 4.013187] __arm64_sys_finit_module+0x258/0x350
[ 4.013194] invoke_syscall.constprop.0+0x50/0xe0
[ 4.013202] do_el0_svc+0xa8/0xe0
[ 4.013208] el0_svc+0x3c/0x140
[ 4.013215] el0t_64_sync_handler+0x120/0x12c
[ 4.013222] el0t_64_sync+0x190/0x194
[ 4.013228] SMP: stopping secondary CPUs

The correct way is to wait handshake, but it needs BUS clock of BLK-CTL be enabled, which is in separate driver. So delay is the only option here.

The udelay(10) is a data got by experiment.
AI Analysis
Technical Summary
CVE-2024-56618 is a vulnerability identified in the Linux kernel, specifically affecting the power management domain (pmdomain) implementation for the i.MX8M Plus (imx8mp) platform. The issue arises from an insufficient delay (udelay(5)) after the power-up handshake sequence in the gpcv2 power controller driver. This inadequate delay can lead to a race condition where the kernel attempts to resume runtime power management before the hardware is fully ready, resulting in an asynchronous SError interrupt and causing a kernel panic. The panic trace indicates that the fault occurs during the runtime resume of the audio mix clock (clk_imx8mp_audiomix_runtime_resume) and related power management callbacks. The root cause is that the required BUS clock for the block control (BLK-CTL) must be enabled to properly wait for the handshake, but this clock is managed by a separate driver, making direct synchronization difficult. Consequently, the fix involves increasing the delay from 5 microseconds to 10 microseconds (udelay(10)) based on experimental data to ensure the hardware is ready before proceeding. This vulnerability affects Linux kernel versions containing the specified commit hashes and is particularly relevant to embedded systems using the Toradex Verdin iMX8M Plus WB module or similar hardware platforms. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
The vulnerability can cause kernel panics on affected devices, leading to system crashes and loss of availability. For European organizations deploying embedded Linux systems based on the i.MX8M Plus platform—commonly used in industrial automation, IoT devices, automotive infotainment, and edge computing—this can result in unexpected downtime, operational disruption, and potential safety risks if critical systems reboot unexpectedly. The kernel panic triggered by asynchronous SError interrupts affects system stability and could complicate maintenance and reliability of devices in production environments. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact is significant, especially for real-time or safety-critical applications. The lack of known exploits reduces immediate risk, but the hardware-specific nature means organizations using affected hardware must prioritize patching to prevent service interruptions.
Mitigation Recommendations
Organizations should promptly apply the Linux kernel patch that increases the delay after the power-up handshake from 5 to 10 microseconds in the pmdomain imx gpcv2 driver. This patch is essential to prevent kernel panics related to asynchronous SError interrupts. For embedded device manufacturers and integrators, it is critical to update the kernel version in their firmware builds to include this fix. Additionally, thorough testing of power management sequences on affected hardware platforms should be conducted to ensure stability post-patch. Monitoring kernel logs for signs of asynchronous SError interrupts or runtime resume failures can help detect unpatched systems. Where possible, coordinate with hardware vendors like Toradex to obtain updated BSPs (Board Support Packages) that incorporate this fix. Avoid custom modifications that alter power management timing without thorough validation. Finally, implement robust fallback and recovery mechanisms in embedded systems to handle unexpected kernel panics gracefully, minimizing operational impact.
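One way to implement the kernel-log monitoring suggested above, as an added example that is not part of the original advisory: it scans a dmesg or console capture for the SError panic quoted in the description and records whether the trace passes through a genpd runtime resume. The function name, report fields and sample log are constructed for illustration.

```python
import re

# Constructed sample: abridged from the panic quoted in the advisory, plus one
# made-up unrelated line in front of it.
SAMPLE_LOG = """\
[    3.900000] constructed: unrelated boot message
[    4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt
[    4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT)
[    4.012985] Call trace:
[    4.013029]  arm64_serror_panic+0x64/0x70
[    4.013050]  clk_imx8mp_audiomix_runtime_resume+0x38/0x48
[    4.013059]  __genpd_runtime_resume+0x30/0x80
[    4.013228] SMP: stopping secondary CPUs
"""

PANIC = "Kernel panic - not syncing: Asynchronous SError Interrupt"
HW_RE = re.compile(r"Hardware name:\s*(.+)$")
FRAME_RE = re.compile(r"\]\s+([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Frames from the advisory's trace that place the SError in a genpd runtime resume.
RESUME_FRAMES = {"__genpd_runtime_resume", "genpd_runtime_resume"}

def find_serror_panics(log_text):
    """Return one dict per SError panic found in a dmesg/console capture."""
    reports, current = [], None
    for line in log_text.splitlines():
        if PANIC in line:
            current = {"hardware": None, "frames": [], "genpd_resume": False}
            reports.append(current)
        elif current is None:
            continue  # not inside a panic report
        elif "SMP: stopping secondary CPUs" in line:
            current = None  # end of this panic report
        elif (hw := HW_RE.search(line)):
            current["hardware"] = hw.group(1).strip()
        elif (frame := FRAME_RE.search(line)):
            current["frames"].append(frame.group(1))
            if frame.group(1) in RESUME_FRAMES:
                current["genpd_resume"] = True
    return reports

if __name__ == "__main__":
    for report in find_serror_panics(SAMPLE_LOG):
        print(report)
```

A hit shows the panic signature from this advisory; it does not by itself establish which kernel revision the device runs.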
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T14:03:06.016Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdf3cc
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 12:27:21 PM
Last updated: 8/9/2025, 9:44:56 AM