CVE-2024-53053: 
Linux Debian vulnerability analysis and mitigation

A deadlock vulnerability was discovered in the Linux kernel's UFS (Universal Flash Storage) core component. The vulnerability (CVE-2024-53053) affects Linux kernel versions from 6.8 up to (excluding) 6.11.7. The issue occurs when ufshcdrtcwork calls ufshcdrpmputsync() and the pm's usagecount is 0, causing a deadlock during RTC (Real-Time Clock) updates (NVD).

The vulnerability stems from a race condition in the UFS core component. When ufshcdrtcwork calls ufshcdrpmputsync() with a pm usagecount of 0, the system enters the runtime suspend callback. However, this callback attempts to flush ufshcdrtcwork, resulting in a deadlock condition. The issue has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability can lead to a system deadlock, potentially causing system unavailability or unresponsiveness. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (NVD).

The vulnerability has been fixed by replacing ufshcdrpmputsync() with ufshcdrpm_put() to avoid the deadlock condition. Users are advised to update to Linux kernel version 6.11.7 or later which contains the fix (Kernel Patch).