CVE-2024-53053

scsi: ufs: core: Fix another deadlock during RTC update

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix another deadlock during RTC update If ufshcd_rtc_work calls ufshcd_rpm_put_sync() and the pm's usage_count is 0, we will enter the runtime suspend callback. However, the runtime suspend callback will wait to flush ufshcd_rtc_work, causing a deadlock. Replace ufshcd_rpm_put_sync() with ufshcd_rpm_put() to avoid the deadlock.

References

Link	Tags
https://git.kernel.org/stable/c/9aa1f0da237d6b16e36e0a0cc9f746d1d78396ed
https://git.kernel.org/stable/c/a128cfec44709ab1bd1f01d158569bcb2386f54f	patch
https://git.kernel.org/stable/c/cb7e509c4e0197f63717fee54fb41c4990ba8d3a	patch

Frequently Asked Questions

What is the severity of CVE-2024-53053?: CVE-2024-53053 has been scored as a medium severity vulnerability.
How to fix CVE-2024-53053?: To fix CVE-2024-53053, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53053 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-53053 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53053?: CVE-2024-53053 affects Linux Linux, Linux Linux.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

Description

Category

CWE-667 – Improper Locking

References

Frequently Asked Questions