| From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001 |
| From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| To: <linux-cve-announce@vger.kernel.org> |
| Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org> |
| Subject: CVE-2024-27055: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() |
| |
| Description |
| =========== |
| |
| In the Linux kernel, the following vulnerability has been resolved: |
| |
| workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() |
| |
| For wq_update_node_max_active(), @off_cpu of -1 indicates that no CPU is |
| going down. The function was incorrectly calling cpumask_test_cpu() with -1 |
| CPU leading to oopses like the following on some archs: |
| |
| Unable to handle kernel paging request at virtual address ffff0002100296e0 |
| .. |
| pc : wq_update_node_max_active+0x50/0x1fc |
| lr : wq_update_node_max_active+0x1f0/0x1fc |
| ... |
| Call trace: |
| wq_update_node_max_active+0x50/0x1fc |
| apply_wqattrs_commit+0xf0/0x114 |
| apply_workqueue_attrs_locked+0x58/0xa0 |
| alloc_workqueue+0x5ac/0x774 |
| workqueue_init_early+0x460/0x540 |
| start_kernel+0x258/0x684 |
| __primary_switched+0xb8/0xc0 |
| Code: 9100a273 35000d01 53067f00 d0016dc1 (f8607a60) |
| ---[ end trace 0000000000000000 ]--- |
| Kernel panic - not syncing: Attempted to kill the idle task! |
| ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]--- |
| |
| Fix it. |
| |
| The Linux kernel CVE team has assigned CVE-2024-27055 to this issue. |
| |
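The bug pattern described above, as an added user-space example (not code from kernel/workqueue.c or from the fix commits): it shows why a CPU number of -1 handed to a bitmap test lands far outside the mask, and how a sign check avoids consulting the mask at all. The names `cpumask_model`, `word_index`, `off_cpu_in_mask_unguarded`, `off_cpu_in_mask_guarded` and the 8-CPU mask are assumptions made for illustration, as is treating the CPU number as an unsigned bit index.

```c
/* Added example: user-space model, not code from kernel/workqueue.c. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define NR_CPUS_MODEL 8                 /* constructed: small model system */
#define BITS_PER_LONG (sizeof(unsigned long) * CHAR_BIT)
#define MASK_WORDS ((NR_CPUS_MODEL + BITS_PER_LONG - 1) / BITS_PER_LONG)
#define OOB_READ (-1)                   /* sentinel: test would read outside the mask */

struct cpumask_model { unsigned long bits[MASK_WORDS]; };

/* Index of the word a bitmap test reads once @cpu is used as an unsigned
 * bit number (assumption of this model). */
static size_t word_index(int cpu)
{
	return (size_t)((unsigned int)cpu / BITS_PER_LONG);
}

/* Unguarded pattern: hands @off_cpu straight to the bit test, -1 included. */
static int off_cpu_in_mask_unguarded(int off_cpu, const struct cpumask_model *m)
{
	size_t w = word_index(off_cpu);

	if (w >= MASK_WORDS)
		return OOB_READ;        /* a raw bit test would dereference here */
	return (int)((m->bits[w] >> ((unsigned int)off_cpu % BITS_PER_LONG)) & 1UL);
}

/* Guarded pattern: -1 means "no CPU is going down", so skip the mask test. */
static int off_cpu_in_mask_guarded(int off_cpu, const struct cpumask_model *m)
{
	if (off_cpu < 0)
		return 0;
	return off_cpu_in_mask_unguarded(off_cpu, m);
}

int main(void)
{
	struct cpumask_model effective = { { 1UL << 3 } }; /* constructed: only CPU 3 set */

	printf("word index for -1: %zu (mask has %zu word(s))\n",
	       word_index(-1), (size_t)MASK_WORDS);
	printf("unguarded(-1) = %d, guarded(-1) = %d, guarded(3) = %d\n",
	       off_cpu_in_mask_unguarded(-1, &effective),
	       off_cpu_in_mask_guarded(-1, &effective),
	       off_cpu_in_mask_guarded(3, &effective));
	return 0;
}
```

Whether the stray read faults depends on what is mapped at that distance from the mask, which fits the advisory's note that the oops appears on some archs.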
| |
| Affected and fixed versions |
| =========================== |
| |
| Issue introduced in 6.6.23 with commit 5a70baec2294e8a7d0fcc4558741c23e752dad5c and fixed in 6.6.25 with commit a75ac2693d734d20724f0e10e039ca85f1fcfc4e |
| Issue introduced in 6.8.2 with commit 843288afd3cc6f3342659c6cf81fc47684d25563 and fixed in 6.8.4 with commit adc646d2126988a64234502f579e4bc2b080d7cf |
| |
| Please see https://www.kernel.org for a full list of currently supported |
| kernel versions by the kernel community. |
| |
| Unaffected versions might change over time as fixes are backported to |
| older supported kernel versions. The official CVE entry at |
| https://cve.org/CVERecord/?id=CVE-2024-27055 |
| will be updated if fixes are backported; please check that for the most |
| up to date information about this issue. |
| |
| |
| Affected files |
| ============== |
| |
| The file(s) affected by this issue are: |
| kernel/workqueue.c |
| |
| |
| Mitigation |
| ========== |
| |
| The Linux kernel CVE team recommends that you update to the latest |
| stable kernel version for this, and many other bugfixes. Individual |
| changes are never tested alone, but rather are part of a larger kernel |
| release. Cherry-picking individual commits is not recommended or |
| supported by the Linux kernel community at all. If, however, updating to |
| the latest release is impossible, the individual changes to resolve this |
| issue can be found at these commits: |
| https://git.kernel.org/stable/c/7df62b8cca38aa452b508b477b16544cba615084 |
| https://git.kernel.org/stable/c/a75ac2693d734d20724f0e10e039ca85f1fcfc4e |
| https://git.kernel.org/stable/c/38c19c44cc05ec1e84d2e31a9a289b83b6c7ec85 |
| https://git.kernel.org/stable/c/9fc557d489f8163c1aabcb89114b8eba960f4097 |
| https://git.kernel.org/stable/c/adc646d2126988a64234502f579e4bc2b080d7cf |
| https://git.kernel.org/stable/c/15930da42f8981dc42c19038042947b475b19f47 |