CVE-2024-47696

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to
destroying CM IDs"), the function flush_workqueue is invoked to flush the
work queue iwcm_wq.

But at that time, the work queue iwcm_wq was created via the function
alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.

Because the current process is trying to flush the whole iwcm_wq, if
iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current
process is not reclaiming memory or running on a workqueue which doesn't
have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee
leading to a deadlock.

The call trace is as below:

[ 125.350876][ T1430] Call Trace:
[ 125.356281][ T1430] <TASK>
[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)
[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)
[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)
[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)
[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm
[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)
[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)
[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm
[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma
[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma
[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)
[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)
[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)
[ 125.531837][ T1430] kthread (kernel/kthread.c:389)
[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)
[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[ 125.566487][ T1430] </TASK>
[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-09-30 CVE Reserved
2024-10-21 CVE Published
2024-10-24 EPSS Updated
2024-11-19 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (17)

URL	Tag	Source
https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6	Vuln. Introduced
https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574	Vuln. Introduced
https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79	Vuln. Introduced
https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6	Vuln. Introduced
https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5	Vuln. Introduced
https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a	Vuln. Introduced
https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0ea9cb8ae	Vuln. Introduced
https://git.kernel.org/stable/c/aee2424246f9f1dadc33faa78990c1e2eb7826e4	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5	2024-11-08
https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635	2024-11-08
https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6	2024-10-17
https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e	2024-10-17
https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548	2024-10-17
https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7	2024-10-04
https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58	2024-10-04
https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04	2024-10-04
https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89	2024-08-23

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 4.19.320 < 4.19.323 Search vendor "Linux" for product "Linux Kernel" and version " >= 4.19.320 < 4.19.323"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.4.282 < 5.4.285 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.4.282 < 5.4.285"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.10.224 < 5.10.227 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.10.224 < 5.10.227"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15.165 < 5.15.168 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15.165 < 5.15.168"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.1.103 < 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.1.103 < 6.1.113"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.6.44 < 6.6.54 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.44 < 6.6.54"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.10.3 < 6.10.13 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.10.3 < 6.10.13"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.11.2 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.11.2"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 6.11 < 6.12 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11 < 6.12"		en		Affected