CVE-2024-57889: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen:

    BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283
    in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...
    preempt_count: 1, expected: 0
    ...
    Call Trace:
    ...
    __might_resched+0x104/0x10e
    __might_sleep+0x3e/0x62
    mutex_lock+0x20/0x4c
    regmap_lock_mutex+0x10/0x18
    regmap_update_bits_base+0x2c/0x66
    mcp23s08_irq_set_type+0x1ae/0x1d6
    __irq_set_trigger+0x56/0x172
    __setup_irq+0x1e6/0x646
    request_threaded_irq+0xb6/0x160
    ...

We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C).

The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc.

mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex while holding the spinlock.

It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set.

mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock().

The accesses to the regmap from mcp23s08_probe_one() do not need additional locking.

In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock.

This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above.
AI Analysis
Technical Summary
CVE-2024-57889 addresses a concurrency and locking vulnerability in the Linux kernel's pinctrl driver for the MCP23S08 IO expander chip, which is part of the MCP23xxx family. The issue arises due to improper locking mechanisms when handling interrupts (IRQs) generated by devices using this IO expander, such as touchscreens employing MCP23017 via I2C. Specifically, the regmap subsystem used by the pinctrl-mcp23s08 driver employs a mutex to protect concurrent register accesses. However, during IRQ setup, a spinlock is held while the driver attempts to acquire this mutex, leading to a scenario where a sleeping function is called from an atomic context, which is invalid in the Linux kernel. This results in kernel BUGs and potential system instability or crashes.

The root cause is that the internal regmap locking is redundant because the driver already uses its own lock (mcp->lock) to serialize access, except in a few functions (mcp_pinconf_get/set) which lacked proper locking. The patch disables internal regmap locking and adds explicit locking in these functions, preventing the mutex from being acquired while holding a spinlock and thus eliminating the atomic context sleep bug.

This vulnerability is relevant for Linux kernel versions containing the affected pinctrl-mcp23s08 driver code and impacts systems using MCP23xxx IO expanders to handle IRQs, particularly over I2C. The problem manifests as kernel panics or BUGs during IRQ setup or handling, which can cause system crashes or denial of service. No evidence of exploitation in the wild is reported, and no CVSS score has been assigned yet.
Potential Impact
For European organizations, the impact of CVE-2024-57889 primarily concerns systems running Linux kernels with MCP23xxx IO expanders in use, notably in embedded devices, industrial control systems, or specialized hardware like touchscreens and IoT devices. Affected systems may experience kernel panics or crashes due to improper locking, leading to denial of service conditions. This can disrupt critical operations, especially in sectors relying on embedded Linux devices such as manufacturing automation, transportation, healthcare equipment, and telecommunications infrastructure. The vulnerability does not appear to allow privilege escalation or remote code execution directly but can cause system instability and downtime. Organizations with large deployments of Linux-based embedded devices using MCP23xxx chips are at higher risk. Given the widespread use of Linux in Europe across various industries, the potential for operational disruption exists, particularly in environments where device stability and uptime are critical. However, the impact is limited to systems using the affected hardware and driver combination, which narrows the scope somewhat.
Mitigation Recommendations
To mitigate CVE-2024-57889, European organizations should:
1) Apply the official Linux kernel patches that disable internal regmap locking and add proper locking in the mcp_pinconf_get/set functions as soon as they become available in their kernel distributions.
2) Audit embedded Linux devices and systems to identify those using MCP23xxx IO expanders, especially MCP23S08 and MCP23017 chips, and verify kernel versions and driver usage.
3) For devices where kernel upgrades are not immediately feasible, consider isolating or limiting the use of affected hardware, or disabling features that trigger IRQ handling via MCP23xxx expanders if possible.
4) Monitor kernel logs for BUG messages related to sleeping in atomic context or mutex locking failures to detect potential triggering of this vulnerability.
5) Coordinate with hardware and device vendors to ensure firmware or driver updates are provided and deployed in a timely manner.
6) Implement robust system monitoring and automated recovery mechanisms to minimize downtime in case of kernel panics.
These steps go beyond generic advice by focusing on hardware-specific identification, kernel patching, and operational monitoring tailored to the nature of this concurrency bug.
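For the log monitoring in step 4, the following added example (not code from the advisory or from the kernel project) groups kernel log lines into "sleeping function called from invalid context" splats and flags only those whose call trace shows regmap_lock_mutex being reached from an mcp23s08_* function. The function names and the 40-line window are assumptions of this example, and the sample log is constructed from the trace quoted in the description, with made-up timestamps and a second, unrelated splat as a negative case.

```python
import re

SPLAT = "BUG: sleeping function called from invalid context"
# Call-trace frames are printed as symbol+0xoffset/0xsize.
FRAME = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def split_splats(lines, window=40):
    """Return one list of call-trace symbols per splat header found."""
    splats, current, left = [], None, 0
    for line in lines:
        if SPLAT in line:
            current, left = [], window
            splats.append(current)
        if current is not None and left > 0:
            # Also covers logs flattened onto one line by a collector.
            current.extend(FRAME.findall(line))
            left -= 1
    return splats

def matches_cve_2024_57889(symbols):
    """True if the regmap mutex was taken on behalf of an mcp23s08 function."""
    if "regmap_lock_mutex" not in symbols:
        return False
    # Frames are listed innermost first, so callers follow the lock frame.
    callers = symbols[symbols.index("regmap_lock_mutex") + 1:]
    return any(s.startswith("mcp23s08_") for s in callers)

def scan(text):
    """One boolean per splat in the log text, in order of appearance."""
    return [matches_cve_2024_57889(s) for s in split_splats(text.splitlines())]

# Constructed sample: first splat follows the advisory's trace, second is unrelated.
SAMPLE_LOG = """\
[   12.101] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283
[   12.102] in_atomic(): 1, irqs_disabled(): 1, non_block: 0
[   12.103] Call Trace:
[   12.104]  __might_resched+0x104/0x10e
[   12.105]  __might_sleep+0x3e/0x62
[   12.106]  mutex_lock+0x20/0x4c
[   12.107]  regmap_lock_mutex+0x10/0x18
[   12.108]  regmap_update_bits_base+0x2c/0x66
[   12.109]  mcp23s08_irq_set_type+0x1ae/0x1d6
[   12.110]  __irq_set_trigger+0x56/0x172
[   12.111]  __setup_irq+0x1e6/0x646
[   40.500] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283
[   40.501] Call Trace:
[   40.502]  mutex_lock+0x20/0x4c
[   40.503]  example_other_driver_isr+0x12/0x40
"""

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Feed it the text of `dmesg` or the kernel journal; a True entry means the splat has the signature described in this advisory rather than some other sleep-in-atomic bug.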
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-11T14:45:42.027Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde9a9
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 8:40:55 AM
Last updated: 8/3/2025, 12:19:56 AM