ghsa-2jj4-33hw-m7m9
Vulnerability from github
Published
2025-02-27 21:32
Modified
2025-02-27 21:32
Details

In the Linux kernel, the following vulnerability has been resolved:

fbdev: omap: use threaded IRQ for LCD DMA

When using touchscreen and framebuffer, Nokia 770 crashes easily with:

BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000
Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd
CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2
Hardware name: Nokia 770
Call trace:
 unwind_backtrace from show_stack+0x10/0x14
 show_stack from dump_stack_lvl+0x54/0x5c
 dump_stack_lvl from __schedule_bug+0x50/0x70
 __schedule_bug from __schedule+0x4d4/0x5bc
 __schedule from schedule+0x34/0xa0
 schedule from schedule_preempt_disabled+0xc/0x10
 schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4
 __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4
 clk_prepare_lock from clk_set_rate+0x18/0x154
 clk_set_rate from sossi_read_data+0x4c/0x168
 sossi_read_data from hwa742_read_reg+0x5c/0x8c
 hwa742_read_reg from send_frame_handler+0xfc/0x300
 send_frame_handler from process_pending_requests+0x74/0xd0
 process_pending_requests from lcd_dma_irq_handler+0x50/0x74
 lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130
 __handle_irq_event_percpu from handle_irq_event+0x28/0x68
 handle_irq_event from handle_level_irq+0x9c/0x170
 handle_level_irq from generic_handle_domain_irq+0x2c/0x3c
 generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c
 omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c
 generic_handle_arch_irq from call_with_stack+0x1c/0x24
 call_with_stack from __irq_svc+0x94/0xa8
Exception stack(0xc5255da0 to 0xc5255de8)
5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248
5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94
5de0: 60000013 ffffffff
 __irq_svc from clk_prepare_lock+0x4c/0xe4
 clk_prepare_lock from clk_get_rate+0x10/0x74
 clk_get_rate from uwire_setup_transfer+0x40/0x180
 uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c
 spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664
 spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498
 __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8
 __spi_sync from spi_sync+0x24/0x40
 spi_sync from ads7846_halfd_read_state+0x5c/0x1c0
 ads7846_halfd_read_state from ads7846_irq+0x58/0x348
 ads7846_irq from irq_thread_fn+0x1c/0x78
 irq_thread_fn from irq_thread+0x120/0x228
 irq_thread from kthread+0xc8/0xe8
 kthread from ret_from_fork+0x14/0x28

As a quick fix, switch to a threaded IRQ which provides a stable system.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-21821"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-27T20:16:04Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: omap: use threaded IRQ for LCD DMA\n\nWhen using touchscreen and framebuffer, Nokia 770 crashes easily with:\n\n    BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000\n    Modules linked in: usb_f_ecm g_ether usb_f_rndis u_ether libcomposite configfs omap_udc ohci_omap ohci_hcd\n    CPU: 0 UID: 0 PID: 82 Comm: irq/144-ads7846 Not tainted 6.12.7-770 #2\n    Hardware name: Nokia 770\n    Call trace:\n     unwind_backtrace from show_stack+0x10/0x14\n     show_stack from dump_stack_lvl+0x54/0x5c\n     dump_stack_lvl from __schedule_bug+0x50/0x70\n     __schedule_bug from __schedule+0x4d4/0x5bc\n     __schedule from schedule+0x34/0xa0\n     schedule from schedule_preempt_disabled+0xc/0x10\n     schedule_preempt_disabled from __mutex_lock.constprop.0+0x218/0x3b4\n     __mutex_lock.constprop.0 from clk_prepare_lock+0x38/0xe4\n     clk_prepare_lock from clk_set_rate+0x18/0x154\n     clk_set_rate from sossi_read_data+0x4c/0x168\n     sossi_read_data from hwa742_read_reg+0x5c/0x8c\n     hwa742_read_reg from send_frame_handler+0xfc/0x300\n     send_frame_handler from process_pending_requests+0x74/0xd0\n     process_pending_requests from lcd_dma_irq_handler+0x50/0x74\n     lcd_dma_irq_handler from __handle_irq_event_percpu+0x44/0x130\n     __handle_irq_event_percpu from handle_irq_event+0x28/0x68\n     handle_irq_event from handle_level_irq+0x9c/0x170\n     handle_level_irq from generic_handle_domain_irq+0x2c/0x3c\n     generic_handle_domain_irq from omap1_handle_irq+0x40/0x8c\n     omap1_handle_irq from generic_handle_arch_irq+0x28/0x3c\n     generic_handle_arch_irq from call_with_stack+0x1c/0x24\n     call_with_stack from __irq_svc+0x94/0xa8\n    Exception stack(0xc5255da0 to 0xc5255de8)\n    5da0: 00000001 c22fc620 00000000 00000000 c08384a8 c106fc00 00000000 c240c248\n    5dc0: c113a600 c3f6ec30 00000001 00000000 c22fc620 c5255df0 c22fc620 c0279a94\n    5de0: 60000013 ffffffff\n     __irq_svc from clk_prepare_lock+0x4c/0xe4\n     clk_prepare_lock from clk_get_rate+0x10/0x74\n     clk_get_rate from uwire_setup_transfer+0x40/0x180\n     uwire_setup_transfer from spi_bitbang_transfer_one+0x2c/0x9c\n     spi_bitbang_transfer_one from spi_transfer_one_message+0x2d0/0x664\n     spi_transfer_one_message from __spi_pump_transfer_message+0x29c/0x498\n     __spi_pump_transfer_message from __spi_sync+0x1f8/0x2e8\n     __spi_sync from spi_sync+0x24/0x40\n     spi_sync from ads7846_halfd_read_state+0x5c/0x1c0\n     ads7846_halfd_read_state from ads7846_irq+0x58/0x348\n     ads7846_irq from irq_thread_fn+0x1c/0x78\n     irq_thread_fn from irq_thread+0x120/0x228\n     irq_thread from kthread+0xc8/0xe8\n     kthread from ret_from_fork+0x14/0x28\n\nAs a quick fix, switch to a threaded IRQ which provides a stable system.",
  "id": "GHSA-2jj4-33hw-m7m9",
  "modified": "2025-02-27T21:32:17Z",
  "published": "2025-02-27T21:32:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21821"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bbbd311dd503653a2cc86d9226740883051dc92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/8392ea100f0b86c234c739c6662f39f0ccc0cefd"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/aa8e22cbedeb626f2a6bda0aea362353d627cd0a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e4b6b665df815b4841e71b72f06446884e8aad40"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fb6a5edb60921887d7d10619fcdcbee9759552cb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.