CVE-2024-42153
📋 TL;DR
This CVE addresses a potential deadlock vulnerability in the Linux kernel's I2C PNX driver. When del_timer_sync() is called from an interrupt service routine (ISR), it can trigger a warning about possible deadlock scenarios. The vulnerability affects systems using the affected I2C driver in the Linux kernel.
💻 Affected Systems
- Linux kernel with I2C PNX driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system lockup due to deadlock in interrupt context, leading to denial of service.
Likely Case
Kernel warning messages in system logs and potential performance degradation in I2C operations.
If Mitigated
Minor performance impact during I2C timeout handling with warning messages in logs.
🎯 Exploit Status
Requires triggering specific I2C operations on affected hardware to reach the vulnerable code path
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel commits listed in references
Vendor Advisory: https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d8692289
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits
2. Rebuild kernel if compiling from source
3. Reboot system to load patched kernel
🔧 Temporary Workarounds
Disable I2C PNX driver
linuxRemove or blacklist the affected I2C driver module
echo 'blacklist i2c-pnx' >> /etc/modprobe.d/blacklist.conf
rmmod i2c-pnx
🧯 If You Can't Patch
- Monitor system logs for deadlock warnings related to I2C operations
- Consider disabling I2C functionality if not required for system operation
🔍 How to Verify
Check if Vulnerable:
Check kernel version and verify if I2C PNX driver is loaded: lsmod | grep i2c-pnxCheck Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits and check dmesg for absence of deadlock warnings📡 Detection & Monitoring
Log Indicators:
- Kernel warning messages about 'del_timer_sync() called from IRQ'
- I2C timeout or error messages in system logs
Network Indicators:
- None - this is a local driver issue
SIEM Query:
source="kernel" AND "del_timer_sync" AND "IRQ"🔗 References
- https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d8692289
- https://git.kernel.org/stable/c/2849a1b747cf37aa5b684527104d3a53f1e296d2
- https://git.kernel.org/stable/c/3503372d0bf7b324ec0bd6b90606703991426176
- https://git.kernel.org/stable/c/3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
- https://git.kernel.org/stable/c/92e494a7568b60ae80d57fc0deafcaf3a4029ab3
- https://git.kernel.org/stable/c/a349e5ab4dc9954746e836cd10b407ce48f9b2f6
- https://git.kernel.org/stable/c/effe0500afda017a86c94482b1e36bc37586c9af
- https://git.kernel.org/stable/c/f63b94be6942ba82c55343e196bd09b53227618e
- https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d8692289
- https://git.kernel.org/stable/c/2849a1b747cf37aa5b684527104d3a53f1e296d2
- https://git.kernel.org/stable/c/3503372d0bf7b324ec0bd6b90606703991426176
- https://git.kernel.org/stable/c/3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
- https://git.kernel.org/stable/c/92e494a7568b60ae80d57fc0deafcaf3a4029ab3
- https://git.kernel.org/stable/c/a349e5ab4dc9954746e836cd10b407ce48f9b2f6
- https://git.kernel.org/stable/c/effe0500afda017a86c94482b1e36bc37586c9af
- https://git.kernel.org/stable/c/f63b94be6942ba82c55343e196bd09b53227618e
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
