CVE-2026-53332
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
01/07/2026
Última modificación:
04/07/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd<br />
<br />
When the remoteproc starts in parallel with the NGD driver being probed,<br />
or the remoteproc is already up when the PDR lookup is being registered,<br />
or in the theoretical event that we get an interrupt from the hardware,<br />
these callbacks will operate on uninitialized data. This result in<br />
issues to boot the affected boards.<br />
<br />
One such example can be seen in the following fault, where<br />
qcom_slim_ngd_ssr_pdr_notify() schedules work on the NULL ngd_up_work.<br />
<br />
[ 21.858578] ------------[ cut here ]------------<br />
[ 21.858745] WARNING: kernel/workqueue.c:2338 at __queue_work+0x5e0/0x790, CPU#2: kworker/2:2/116<br />
...<br />
[ 21.859251] Call trace:<br />
[ 21.859255] __queue_work+0x5e0/0x790 (P)<br />
[ 21.859265] queue_work_on+0x6c/0xf0<br />
[ 21.859273] qcom_slim_ngd_ssr_pdr_notify+0x110/0x150 [slim_qcom_ngd_ctrl]<br />
[ 21.859304] qcom_slim_ngd_ssr_notify+0x24/0x40 [slim_qcom_ngd_ctrl]<br />
[ 21.859318] notifier_call_chain+0xa4/0x230<br />
[ 21.859329] srcu_notifier_call_chain+0x64/0xb8<br />
[ 21.859338] ssr_notify_start+0x40/0x78 [qcom_common]<br />
[ 21.859355] rproc_start+0x130/0x230<br />
[ 21.859367] rproc_boot+0x3d4/0x518<br />
...<br />
<br />
Move the enablement of interrupts, and the registration of SSR and PDR<br />
until after the NGD device has been registered.<br />
<br />
This could be further refined by moving initialization to the control<br />
driver probe and by removing the platform driver model from the picture.
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/08564e15c47a5fb0af6643a43ee15521d49bcdea
- https://git.kernel.org/stable/c/24ec89123fc9d0d24ce719dcf7fd6c57e5b0d753
- https://git.kernel.org/stable/c/2a9d50e9ea406e0c8735938484adc20515ef1b47
- https://git.kernel.org/stable/c/946b97d632f0f58a705dafac644c1e9346e01f35
- https://git.kernel.org/stable/c/fa3790c7ea98328ddc3f7d8bf40247556245a6fc



