Linux Kernel VUB300 MMC Driver Blocking Operations Warning Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's VUB300 USB-to-SD/SDIO/MMC driver, specifically in its handling of SDIO interrupts. The function 'vub300_enable_sdio_irq' can perform blocking operations while the calling task is not in a running state. Because the function relies on mutexes, which may sleep, the task must be in the running state when it is called. The vulnerability was introduced in version 6.1.0-rc5 and has been addressed by ensuring the current task is marked as running before performing blocking operations.

Impact

The vulnerability can cause the system to issue a warning about calling blocking operations when the task is not running, which could lead to improper handling of interrupts or other time-sensitive operations.

Reproduction

The vulnerability can be reproduced by enabling the SDIO interrupt handling for the VUB300 driver while the task is not in a running state. This can be done by triggering the 'vub300_enable_sdio_irq' function without the necessary task state, causing the driver to issue a warning about the improper context.
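
A log check for the warning described above, as an added example (not code from this advisory or from the kernel project): it scans dmesg-style text for the kernel's "do not call blocking ops when !TASK_RUNNING" message and keeps only the warnings whose call trace includes 'vub300_enable_sdio_irq'. The sample log, with its addresses, offsets and PID, is constructed, and the name find_warnings is hypothetical.

```python
import re

# Text printed by the kernel's might-sleep debug check when a blocking call
# is made by a task whose state is not TASK_RUNNING.
WARN_RE = re.compile(r"do not call blocking ops when !TASK_RUNNING; state=([0-9a-f]+)")
# One stack frame: symbol+0xoffset/0xsize.
FRAME_RE = re.compile(r"([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")   # dmesg timestamp prefix
END_RE = re.compile(r"---\[ end trace")

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
[   42.300000] do not call blocking ops when !TASK_RUNNING; state=1 set at [<00000000deadbeef>] sdio_irq_thread+0x17d/0x5b0
[   42.300100] WARNING: CPU: 0 PID: 123 at kernel/sched/core.c:9813 __might_sleep+0x116/0x160
[   42.300200] Call Trace:
[   42.300300]  __mutex_lock+0x4a/0xf0
[   42.300400]  vub300_enable_sdio_irq+0x2c/0x90 [vub300]
[   42.300500]  sdio_irq_thread+0x25c/0x5b0
[   42.300600] ---[ end trace 0000000000000000 ]---
"""

def find_warnings(log_text, symbol="vub300_enable_sdio_irq"):
    """Return one dict per blocking-ops warning whose trace contains `symbol`."""
    hits, current = [], None

    def flush():
        if current and symbol in current["frames"]:
            hits.append(current)

    for raw in log_text.splitlines():
        line = TS_RE.sub("", raw)
        start = WARN_RE.search(line)
        if start:                       # new warning; close any unfinished one
            flush()
            current = {"state": int(start.group(1), 16), "frames": []}
        elif current is not None:
            if END_RE.search(line):
                flush()
                current = None
            else:
                frame = FRAME_RE.search(line)
                if frame:
                    current["frames"].append(frame.group(1))
    flush()                             # log truncated before the end marker
    return hits

if __name__ == "__main__":
    for hit in find_warnings(SAMPLE_LOG):
        print("task state=%#x, trace: %s" % (hit["state"], " <- ".join(hit["frames"])))
```

The warning is emitted once per boot, so the check needs the log from the start of the boot, not only its most recent lines.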

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Oct 1, 2025, 1:07 PM
Updated: Oct 1, 2025, 1:07 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.