### [CVE-2024-53153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53153) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=570d7715eed8a29ac5bd96c7694f060a991e5a31%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Version&message=6.10%20&color=brightgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description In the Linux kernel, the following vulnerability has been resolved:PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPFdeinit notify function pci_epc_deinit_notify() are called during theexecution of qcom_pcie_perst_assert() i.e., when the host has assertedPERST#. But quickly after this step, refclk will also be disabled by thehost.All of the Qcom endpoint SoCs supported as of now depend on the refclk fromthe host for keeping the controller operational. Due to this limitation,any access to the hardware registers in the absence of refclk will resultin a whole endpoint crash. Unfortunately, most of the controller cleanupsrequire accessing the hardware registers (like eDMA cleanup performed indw_pcie_ep_cleanup(), powering down MHI EPF etc...). So these cleanupfunctions are currently causing the crash in the endpoint SoC once hostasserts PERST#.One way to address this issue is by generating the refclk in the endpointitself and not depending on the host. But that is not always possible assome of the endpoint designs do require the endpoint to consume refclk fromthe host (as I was told by the Qcom engineers).Thus, fix this crash by moving the controller cleanups to the start ofthe qcom_pcie_perst_deassert() function. qcom_pcie_perst_deassert() iscalled whenever the host has deasserted PERST# and it is guaranteed thatthe refclk would be active at this point. So at the start of this function(after enabling resources), the controller cleanup can be performed. Oncefinished, rest of the code execution for PERST# deassert can continue asusual. ### POC #### Reference No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds