Bug 1224835 - rk3-r5 driver allows kernel crash via misuse of sysfs interface
Summary: rk3-r5 driver allows kernel crash via misuse of sysfs interface
Status: NEW
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
Version: unspecified
Hardware: aarch64 Other
: P5 - None : Normal
Target Milestone: ---
Assignee: Kernel Bugs
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/407275/
Reported: 2024-05-22 07:36 UTC by Oliver Neukum
Modified: 2024-05-29 12:17 UTC

Found By: ---
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Oliver Neukum 2024-05-22 07:36:14 UTC
This is from upstream against the kernel:

commit 3c8a9066d584f5010b6f4ba03bf6b19d28973d52
Author: Beleswar Padhi <b-padhi@ti.com>
Date:   Tue Apr 30 16:23:07 2024 +0530

    remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs
    
    PSC controller has a limitation that it can only power-up the second
    core when the first core is in ON state. Power-state for core0 should be
    equal to or higher than core1.
    
    Therefore, prevent core1 from powering up before core0 during the start
    process from sysfs. Similarly, prevent core0 from shutting down before
    core1 has been shut down from sysfs.
    
    Fixes: 6dedbd1d5443 ("remoteproc: k3-r5: Add a remoteproc driver for R5F subsystem")
    Signed-off-by: Beleswar Padhi <b-padhi@ti.com>
    Cc: stable@vger.kernel.org
    Link: https://lore.kernel.org/r/20240430105307.1190615-3-b-padhi@ti.com
    Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>

You can crash the system in a reliable manner through sysfs.
It requires pretty specific circumstances and weird permissions, but under strict definitions that is a security issue.
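
The ordering rule stated in the commit message, as an added example that is not the upstream patch or the driver's code: a simplified userspace C model of a two-core cluster that rejects start and stop requests violating "power state of core0 is equal to or higher than core1". All type and function names, and the choice of error codes, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model types; not taken from the k3-r5 driver. */
enum core_id { CORE0 = 0, CORE1 = 1 };

struct cluster {
    bool on[2];                 /* power state of core0 and core1 */
};

/* Invariant from the commit message: core0 state >= core1 state. */
bool model_invariant_holds(const struct cluster *c)
{
    return c->on[CORE0] || !c->on[CORE1];
}

/* Start request, as it would arrive through a sysfs write. */
int model_core_start(struct cluster *c, enum core_id id)
{
    if (c->on[id])
        return -EBUSY;          /* already running */
    if (id == CORE1 && !c->on[CORE0])
        return -EPERM;          /* core1 may not power up before core0 */
    c->on[id] = true;
    return 0;
}

/* Stop request, as it would arrive through a sysfs write. */
int model_core_stop(struct cluster *c, enum core_id id)
{
    if (!c->on[id])
        return -EINVAL;         /* not running */
    if (id == CORE0 && c->on[CORE1])
        return -EPERM;          /* core0 may not shut down before core1 */
    c->on[id] = false;
    return 0;
}

int main(void)
{
    struct cluster c = { { false, false } };

    printf("start core1 first: %d\n", model_core_start(&c, CORE1));
    printf("start core0:       %d\n", model_core_start(&c, CORE0));
    printf("start core1:       %d\n", model_core_start(&c, CORE1));
    printf("stop core0 first:  %d\n", model_core_stop(&c, CORE0));
    printf("invariant holds:   %d\n", model_invariant_holds(&c));
    return 0;
}
```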