CVE-2024-50032
rcu/nocb: Fix rcuog wake-up from offline softirq
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
rcu/nocb: Fix rcuog wake-up from offline softirq
After a CPU has set itself offline and before it eventually calls
rcutree_report_cpu_dead(), there are still opportunities for callbacks
to be enqueued, for example from a softirq. When that happens on NOCB,
the rcuog wake-up is deferred through an IPI to an online CPU in order
not to call into the scheduler and risk arming the RT-bandwidth after
hrtimers have been migrated out and disabled.
But performing a synchronized IPI from a softirq is buggy as reported in
the following scenario:
WARNING: CPU: 1 PID: 26 at kernel/smp.c:633 smp_call_function_single
Modules linked in: rcutorture torture
CPU: 1 UID: 0 PID: 26 Comm: migration/1 Not tainted 6.11.0-rc1-00012-g9139f93209d1 #1
Stopper: multi_cpu_stop+0x0/0x320 <- __stop_cpus+0xd0/0x120
RIP: 0010:smp_call_function_single
<IRQ>
swake_up_one_online
__call_rcu_nocb_wake
__call_rcu_common
? rcu_torture_one_read
call_timer_fn
__run_timers
run_timer_softirq
handle_softirqs
irq_exit_rcu
? tick_handle_periodic
sysvec_apic_timer_interrupt
</IRQ>
Fix this with forcing deferred rcuog wake up through the NOCB timer when
the CPU is offline. The actual wake up will happen from
rcutree_report_cpu_dead().
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-10-21 CVE Reserved
- 2024-10-21 CVE Published
- 2024-10-21 CVE Updated
- ---------- EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/9b52ee18f6d2f0e845b0dd5ba35edc02ba318827 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/00a611229bfad075660181c53e054ff544d3ac34 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/9139f93209d1ffd7f489ab19dee01b7c3a1a43d2 | Vuln. Introduced | |
| https://git.kernel.org/stable/c/ec2777e57f2f548702b147c6e5cc088079bd93ca | Vuln. Introduced | |
| https://git.kernel.org/stable/c/bbeaae6f79b2923cf8b8f191d039b19f11adf045 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.6.54 < 6.6.57 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.6.54 < 6.6.57" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.11.2 < 6.11.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.11.2 < 6.11.4" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 6.12-rc1 < 6.12-rc3 Search vendor "Linux" for product "Linux Kernel" and version " >= 6.12-rc1 < 6.12-rc3" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.1.113 Search vendor "Linux" for product "Linux Kernel" and version "6.1.113" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 6.10.13 Search vendor "Linux" for product "Linux Kernel" and version "6.10.13" | en |
Affected
| ||||||