CVE-2024-53153: 
Linux Kernel vulnerability analysis and mitigation

In the Linux kernel, a vulnerability (CVE-2024-53153) has been identified and resolved in the PCI Qualcomm endpoint driver. The issue occurs when the host asserts PERST# (PCI Express Reset), as the endpoint cleanup functions are called during a time when the reference clock (refclk) is disabled by the host. Since Qualcomm endpoint SoCs depend on the host's refclk for controller operation, any hardware register access during this period results in an endpoint crash (Kernel Git).

The vulnerability stems from the timing of cleanup operations in the qcompcieperstassert() function. The endpoint cleanup function dwpcieepcleanup() and EPF deinit notify function pciepcdeinit_notify() were originally called when the host asserted PERST#, but this occurred just before the host disabled the reference clock. Most controller cleanup operations require access to hardware registers, such as eDMA cleanup and powering down MHI EPF, which cannot be performed without an active refclk (Kernel Git).

When exploited, this vulnerability causes a complete crash of the endpoint SoC when the host asserts PERST#. This affects all Qualcomm endpoint SoCs that depend on the host's reference clock for controller operation (Kernel Git).

The issue has been fixed by moving the controller cleanup operations to the start of the qcompcieperst_deassert() function, which is called when the host deasserts PERST#. At this point, the reference clock is guaranteed to be active, allowing safe execution of cleanup operations. The fix has been implemented in the Linux kernel through patches that modify the timing of cleanup operations (Kernel Git).