CVE-2024-53223
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/12/2024
Last modified:
08/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs

Base clocks are the first in being probed and are real dependencies of the
rest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880,
RT305x and RT3883 'xtal' must be defined first since in any other case,
when fixed clocks are probed they are delayed until 'xtal' is probed so the
following warning appears:

WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mtmips.c:499 rt3883_bus_recalc_rate+0x98/0x138
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.43 #0
Stack : 805e58d0 00000000 00000004 8004f950 00000000 00000004 00000000 00000000
80669c54 80830000 80700000 805ae570 80670068 00000001 80669bf8 00000000
00000000 00000000 805ae570 80669b38 00000020 804db7dc 00000000 00000000
203a6d6d 80669b78 80669e48 70617773 00000000 805ae570 00000000 00000009
00000000 00000001 00000004 00000001 00000000 00000000 83fe43b0 00000000
...
Call Trace:
[] show_stack+0x64/0xf4
[] dump_stack_lvl+0x38/0x60
[] __warn+0x94/0xe4
[] warn_slowpath_fmt+0x60/0x94
[] rt3883_bus_recalc_rate+0x98/0x138
[] __clk_register+0x568/0x688
[] of_clk_hw_register+0x18/0x2c
[] rt2880_clk_of_clk_init_driver+0x18c/0x594
[] of_clk_init+0x1c0/0x23c
[] plat_time_init+0x58/0x18c
[] time_init+0x10/0x6c
[] start_kernel+0x458/0x67c

---[ end trace 0000000000000000 ]---

When this driver was mainlined we could not find any active users of old
ralink SoCs so we cannot perform any real tests for them. Now, one user
of a Belkin f9k1109 version 1 device which uses RT3883 SoC appeared and
reported some issues in openWRT:
- https://github.com/openwrt/openwrt/issues/16054

Thus, define a 'rt2880_xtal_recalc_rate()' just returning the expected
frequency 40Mhz and use it along the old ralink SoCs to have a correct
boot trace with no warnings and a working clock plan from the beginning.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.5 (including) | 6.6.64 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.12 (including) | 6.12.2 (excluding) |