Linux Kernel UCSI ACPI Backend CCI Polling Vulnerability

Vulnerability

A vulnerability has been identified in the Linux kernel's ACPI backend for UCSI, specifically related to how the UCSI 'registers' are managed. The issue arises because the ACPI implementation in the BIOS is supposed to synchronize the opregion contents with the embedded controller. However, this synchronization can be problematic on certain ACPI implementations. The vulnerability involves an improper handling of the CCI registers, leading to a spurious assertion warning. To address this, a new 'poll_cci' method has been introduced, which forces a synchronization before polling the CCI, ensuring proper register management when notifications are disabled.

Impact

The vulnerability could lead to improper synchronization of the CCI registers, causing assertion errors and potentially disrupting the normal operation of the UCSI ACPI backend.

Reproduction

The vulnerability can be reproduced on a system with the affected Linux kernel version, such as 6.12.11-200.fc41.x86_64. When the UCSI ACPI backend is initialized, the 'ucsi_reset_ppm' function is called. This function attempts to poll the CCI registers, but if notifications are disabled, it can lead to a spurious assertion error. This issue can be observed in the kernel workqueue, where the 'ucsi_init_work' process triggers the problematic register polling.
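The following is an added example, not code from the kernel or from this advisory: a userspace C model of the behaviour described above, in which a reset loop polls the CCI with notifications disabled, once through a plain mailbox read and once through a read that forces a synchronization first. All names, the bit value, and the rule that the mailbox is refreshed only when a notification is delivered are assumptions of the model.

```c
/* Userspace model of the stale-CCI problem. All names are hypothetical,
 * not kernel symbols; the bit value is the model's own. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define CCI_RESET_COMPLETE (1u << 27)

struct model {
    uint32_t ec_cci;        /* state held by the embedded controller */
    uint32_t opregion_cci;  /* mailbox copy the OS actually reads */
    bool notifications;
};

/* Firmware copies EC state into the opregion (the forced synchronization). */
static void fw_sync(struct model *m) { m->opregion_cci = m->ec_cci; }

/* Assumption: on the problematic firmware the mailbox is refreshed only
 * when a notification is delivered. */
static void ec_complete_reset(struct model *m)
{
    m->ec_cci = CCI_RESET_COMPLETE;
    if (m->notifications)
        fw_sync(m);
}

/* Plain read: returns whatever the mailbox holds, possibly stale. */
static uint32_t read_cci(struct model *m) { return m->opregion_cci; }

/* Polling read: force a sync first, then read. */
static uint32_t poll_cci(struct model *m) { fw_sync(m); return read_cci(m); }

typedef uint32_t (*cci_reader)(struct model *);

/* Reset with notifications disabled; returns polls needed, or -1 on timeout. */
static int reset_ppm(struct model *m, cci_reader rd, int max_polls)
{
    m->notifications = false;
    m->ec_cci = m->opregion_cci = 0;
    ec_complete_reset(m);
    for (int i = 1; i <= max_polls; i++)
        if (rd(m) & CCI_RESET_COMPLETE)
            return i;
    return -1;
}

int main(void)
{
    struct model m;
    printf("read_cci: %d\n", reset_ppm(&m, read_cci, 5));
    printf("poll_cci: %d\n", reset_ppm(&m, poll_cci, 5));
    return 0;
}
```

In the model the plain read never observes the completed reset, while the synchronizing read sees it on the first poll.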

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit introducing the fix can be found in the Linux kernel Git repository.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.