Linux Kernel Qcom LPG LED Driver Sleeping Function Vulnerability in Atomic Context

Vulnerability

A vulnerability exists in the Linux kernel's Qualcomm LPG LED driver, in the 'lpg_brightness_set' function. This function can sleep, but the LED's 'brightness_set' callback must remain non-blocking. As a result, a sleeping function is called from an invalid context, which can disrupt the kernel's operation. The vulnerability has been addressed by modifying the driver to use 'brightness_set_blocking' instead. This issue was identified in the Linux kernel version 6.1.0-rc1.

Impact

The vulnerability can cause a sleeping function to be called from an invalid context, disrupting the expected non-blocking behavior and potentially leading to issues in the kernel's operation.

Reproduction

The vulnerability can be reproduced by using the affected Qcom LPG LED driver in a way that causes the 'lpg_brightness_set' function to be called. This can be done by triggering the LED heartbeat function, which invokes the brightness set function from a context where sleeping is not allowed, so the function sleeps when it shouldn't.

Remediation

Users can update to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix is 3031993b3474794ecb71b6f969a3e60e4bda9d8a.
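
The difference between the two callbacks, as an added example that is not part of the original advisory or of the kernel source: a simplified userspace C model in which the LED core calls 'brightness_set' directly from the atomic heartbeat tick, but defers 'brightness_set_blocking' to a worker that is allowed to sleep. The names lpg_set, led_set_nosleep and heartbeat_tick, and the violation counter, are assumptions made for illustration.

```c
/* Userspace model, not kernel code; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

static bool atomic_ctx;   /* true while "inside" a timer callback */
static int  violations;   /* sleeps attempted in atomic context */

struct led {
    void (*brightness_set)(struct led *, int);          /* must not sleep */
    int  (*brightness_set_blocking)(struct led *, int); /* may sleep */
    int  hw_value, pending;
    bool work_queued;
};

/* Stand-in for the driver's hardware update, which may sleep. */
static int lpg_set(struct led *l, int v) {
    if (atomic_ctx) violations++;   /* sleeping function called from invalid context */
    l->hw_value = v;
    return 0;
}
static void lpg_set_void(struct led *l, int v) { (void)lpg_set(l, v); } /* pre-fix wiring */

/* Core dispatch: call the non-blocking op directly, otherwise defer to a worker. */
static void led_set_nosleep(struct led *l, int v) {
    if (l->brightness_set) { l->brightness_set(l, v); return; }
    l->pending = v;
    l->work_queued = true;
}

/* One heartbeat-style tick; returns the number of violations it caused. */
int heartbeat_tick(struct led *l, int v) {
    violations = 0;
    atomic_ctx = true;               /* timer callback: sleeping not allowed */
    led_set_nosleep(l, v);
    atomic_ctx = false;              /* worker: process context, may sleep */
    if (l->work_queued) {
        l->work_queued = false;
        l->brightness_set_blocking(l, l->pending);
    }
    return violations;
}

int main(void) {
    struct led before = { .brightness_set = lpg_set_void };
    struct led after  = { .brightness_set_blocking = lpg_set };
    printf("before fix: %d violation(s)\n", heartbeat_tick(&before, 255));
    printf("after fix:  %d violation(s)\n", heartbeat_tick(&after, 255));
    return 0;
}
```

In both cases the requested brightness reaches the modelled hardware; only the context in which the sleeping function runs changes.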

Added: Sep 17, 2025, 4:22 PM
Updated: Sep 17, 2025, 4:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.