{"vulnerability": "CVE-2024-57889", "sightings": [{"uuid": "c28b4ece-f3f2-4dfe-b775-50f8d2877106", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57889", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrtyod23z2c", "content": "", "creation_timestamp": "2025-01-15T13:16:46.317588Z"}, {"uuid": "0f1125b4-e9f4-4841-9829-75cb8d5320a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57889", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1757", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-57889\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking\n\nIf a device uses MCP23xxx IO expander to receive IRQs, the following\nbug can happen:\n\n  BUG: sleeping function called from invalid context\n    at kernel/locking/mutex.c:283\n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...\n  preempt_count: 1, expected: 0\n  ...\n  Call Trace:\n  ...\n  __might_resched+0x104/0x10e\n  __might_sleep+0x3e/0x62\n  mutex_lock+0x20/0x4c\n  regmap_lock_mutex+0x10/0x18\n  regmap_update_bits_base+0x2c/0x66\n  mcp23s08_irq_set_type+0x1ae/0x1d6\n  __irq_set_trigger+0x56/0x172\n  __setup_irq+0x1e6/0x646\n  request_threaded_irq+0xb6/0x160\n  ...\n\nWe observed the problem while experimenting with a touchscreen driver which\nused MCP23017 IO expander (I2C).\n\nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from\nconcurrent accesses, which is the default for regmaps without .fast_io,\n.disable_locking, etc.\n\nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter\nlocks the mutex.\n\nHowever, __setup_irq() locks desc->lock spinlock before calling these\nfunctions. As a result, the system tries to lock the mutex whole holding\nthe spinlock.\n\nIt seems, the internal regmap locks are not needed in this driver at all.\nmcp->lock seems to protect the regmap from concurrent accesses already,\nexcept, probably, in mcp_pinconf_get/set.\n\nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under\nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes\nmcp->lock and enables regmap caching, so that the potentially slow I2C\naccesses are deferred until chip_bus_unlock().\n\nThe accesses to the regmap from mcp23s08_probe_one() do not need additional\nlocking.\n\nIn all remaining places where the regmap is accessed, except\nmcp_pinconf_get/set(), the driver already takes mcp->lock.\n\nThis patch adds locking in mcp_pinconf_get/set() and disables internal\nlocking in the regmap config. Among other things, it fixes the sleeping\nin atomic context described above.\n\ud83d\udccf Published: 2025-01-15T13:05:41.769Z\n\ud83d\udccf Modified: 2025-01-15T13:05:41.769Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/788d9e9a41b81893d6bb8faa05f045c975278318\n2. https://git.kernel.org/stable/c/c55d186376a87b468c9ee30f2195e0f3857f61a0\n3. https://git.kernel.org/stable/c/9372e160d8211a7e17f2abff8370794f182df785\n4. https://git.kernel.org/stable/c/0310cbad163a908d09d99c26827859365cd71fcb\n5. https://git.kernel.org/stable/c/8c6fd5803b988a5e78c9b9e42c70a936d7cfc6ec\n6. https://git.kernel.org/stable/c/830f838589522404cd7c2f0f540602f25034af61\n7. https://git.kernel.org/stable/c/a37eecb705f33726f1fb7cd2a67e514a15dfe693", "creation_timestamp": "2025-01-15T14:27:23.000000Z"}, {"uuid": "6e46ad47-0c84-4d6a-913c-12738fd85880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-57889", "type": "seen", "source": "https://t.me/cvedetector/15455", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-57889 - Linux Kernel PineA64 Pinctrl regmap(mutex)\", \n  \"Content\": \"CVE ID : CVE-2024-57889 \nPublished : Jan. 15, 2025, 1:15 p.m. | 36\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \npinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking  \n  \nIf a device uses MCP23xxx IO expander to receive IRQs, the following  \nbug can happen:  \n  \n  BUG: sleeping function called from invalid context  \n    at kernel/locking/mutex.c:283  \n  in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ...  \n  preempt_count: 1, expected: 0  \n  ...  \n  Call Trace:  \n  ...  \n  __might_resched+0x104/0x10e  \n  __might_sleep+0x3e/0x62  \n  mutex_lock+0x20/0x4c  \n  regmap_lock_mutex+0x10/0x18  \n  regmap_update_bits_base+0x2c/0x66  \n  mcp23s08_irq_set_type+0x1ae/0x1d6  \n  __irq_set_trigger+0x56/0x172  \n  __setup_irq+0x1e6/0x646  \n  request_threaded_irq+0xb6/0x160  \n  ...  \n  \nWe observed the problem while experimenting with a touchscreen driver which  \nused MCP23017 IO expander (I2C).  \n  \nThe regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from  \nconcurrent accesses, which is the default for regmaps without .fast_io,  \n.disable_locking, etc.  \n  \nmcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter  \nlocks the mutex.  \n  \nHowever, __setup_irq() locks desc->lock spinlock before calling these  \nfunctions. As a result, the system tries to lock the mutex whole holding  \nthe spinlock.  \n  \nIt seems, the internal regmap locks are not needed in this driver at all.  \nmcp->lock seems to protect the regmap from concurrent accesses already,  \nexcept, probably, in mcp_pinconf_get/set.  \n  \nmcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under  \nchip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes  \nmcp->lock and enables regmap caching, so that the potentially slow I2C  \naccesses are deferred until chip_bus_unlock().  \n  \nThe accesses to the regmap from mcp23s08_probe_one() do not need additional  \nlocking.  \n  \nIn all remaining places where the regmap is accessed, except  \nmcp_pinconf_get/set(), the driver already takes mcp->lock.  \n  \nThis patch adds locking in mcp_pinconf_get/set() and disables internal  \nlocking in the regmap config. Among other things, it fixes the sleeping  \nin atomic context described above. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-15T15:07:02.000000Z"}]}