Bug 1224835

Summary: rk3-r5 driver allows kernel crash via misuse of sysfs interface
Product: [Novell Products] SUSE Security Incidents
Reporter: Oliver Neukum <oneukum>
Component: General
Assignee: Kernel Bugs <kernel-bugs>
Status: NEW ---
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P5 - None
CC: gianluca.gabrielli, meissner
Version: unspecified
Target Milestone: ---
Hardware: aarch64
OS: Other
URL: https://smash.suse.de/issue/407275/
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Oliver Neukum 2024-05-22 07:36:14 UTC
This is from upstream against the kernel:

commit 3c8a9066d584f5010b6f4ba03bf6b19d28973d52
Author: Beleswar Padhi <b-padhi@ti.com>
Date:   Tue Apr 30 16:23:07 2024 +0530

    remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
    
    PSC controller has a limitation that it can only power-up the second
    core when the first core is in ON state. Power-state for core0 should be
    equal to or higher than core1.
    
    Therefore, prevent core1 from powering up before core0 during the start
    process from sysfs. Similarly, prevent core0 from shutting down before
    core1 has been shut down from sysfs.
    
    Fixes: 6dedbd1d5443 ("remoteproc: k3-r5: Add a remoteproc driver for R5F subsystem")
    Signed-off-by: Beleswar Padhi <b-padhi@ti.com>
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/r/20240430105307.1190615-3-b-padhi@ti.com
    Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>

You can crash the system in a reliable manner through sysfs.
It requires pretty specific circumstances and weird permissions, but under strict definitions that is a security issue.
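
A user-space C model of the ordering rule the commit message describes, added here as an illustration; it is not the upstream patch or driver code. The type and function names, the two-state power model, the request string format and the choice of return codes are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model only; all names here are hypothetical. */
enum core_state { CORE_OFFLINE = 0, CORE_RUNNING = 1 };
struct r5_cluster { enum core_state core[2]; }; /* [0]=core0, [1]=core1 */

/* Commit-message invariant: core0 power state >= core1 power state. */
static bool invariant_ok(const struct r5_cluster *c)
{
    return c->core[0] >= c->core[1];
}

/* Start request, as it would arrive from a sysfs write. */
static int cluster_start(struct r5_cluster *c, int idx)
{
    if (idx < 0 || idx > 1) return -EINVAL;
    if (c->core[idx] == CORE_RUNNING) return -EBUSY;
    if (idx == 1 && c->core[0] == CORE_OFFLINE)
        return -EPERM;          /* core1 before core0: refuse */
    c->core[idx] = CORE_RUNNING;
    return 0;
}

/* Stop request, as it would arrive from a sysfs write. */
static int cluster_stop(struct r5_cluster *c, int idx)
{
    if (idx < 0 || idx > 1) return -EINVAL;
    if (c->core[idx] == CORE_OFFLINE) return -EINVAL;
    if (idx == 0 && c->core[1] != CORE_OFFLINE)
        return -EPERM;          /* core0 down while core1 is up: refuse */
    c->core[idx] = CORE_OFFLINE;
    return 0;
}

/* Replay constructed requests ("+1" = start core1, "-0" = stop core0).
 * Returns how many were refused, or -1 if the invariant ever broke. */
static int replay(const char *reqs)
{
    struct r5_cluster c = { { CORE_OFFLINE, CORE_OFFLINE } };
    int refused = 0;
    for (; reqs[0] && reqs[1]; reqs += 2) {
        int idx = reqs[1] - '0';
        int ret = (reqs[0] == '+') ? cluster_start(&c, idx)
                                   : cluster_stop(&c, idx);
        if (ret) refused++;
        if (!invariant_ok(&c)) return -1;
    }
    return refused;
}

int main(void) { printf("%d\n", replay("+1+0+1-0-1-0")); return 0; }
```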