CVE-2024-27004
📋 TL;DR
This CVE describes a deadlock vulnerability in the Linux kernel's clock framework where the clk_disable_unused function could cause a system hang. The issue occurs when two threads attempt to acquire locks in opposite order during runtime power management operations, leading to a complete system freeze. This affects Linux systems with specific hardware configurations that trigger the clock tree operations during boot or device probing.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Fedora by Fedoraproject
Fedora by Fedoraproject
Fedora by Fedoraproject
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Complete system hang requiring hard reboot, potentially causing data loss or service disruption.
Likely Case
System hangs during boot or device initialization, requiring manual intervention to restart.
If Mitigated
Minor performance impact from additional runtime PM checks, no security compromise.
🎯 Exploit Status
This is a reliability issue rather than a security vulnerability that can be actively exploited. The deadlock occurs under specific timing conditions during system operations.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commit 115554862294397590088ba02f11f2aba6d5016c and related fixes
Vendor Advisory: https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For custom kernels, apply commit 115554862294397590088ba02f11f2aba6d5016c. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Disable deferred probe workqueue
linuxPrevent the deadlock by disabling the deferred probe mechanism that triggers the conflicting operations
echo N > /sys/module/driver/parameters/deferred_probe_timeout
Increase hung task timeout
linuxReduce impact by allowing system more time to recover from deadlock
echo 300 > /proc/sys/kernel/hung_task_timeout_secs
🧯 If You Can't Patch
- Monitor system for hung tasks and implement automated recovery procedures
- Avoid hardware configurations that trigger complex clock tree operations during runtime PM
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if system experiences hangs during boot with 'clk_disable_unused' in stack tracesCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes the fix commit and monitor for absence of deadlocks during system operations📡 Detection & Monitoring
Log Indicators:
- Kernel messages showing 'hung task' with clk_disable_unused in call trace
- System logs showing boot failures or device initialization hangs
Network Indicators:
- None - this is a local system issue
SIEM Query:
source="kernel" AND "hung task" AND "clk_disable_unused"🔗 References
- https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c
- https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba
- https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123
- https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5
- https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034
- https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc
- https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469
- https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c
- https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba
- https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123
- https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5
- https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034
- https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc
- https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/
