CVE-2024-35991

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-35991
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-35991.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-35991
Published
2024-05-20T10:15:13Z
Modified
2024-09-18T03:26:22.168817Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue

drain_workqueue() cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queue_work() while drain_workqueue() will lead to a Call Trace as pushing a work on a draining workqueue is not permitted in spinlocked context.

Call Trace:
    <TASK>
    ? __warn+0x7d/0x140
    ? __queue_work+0x2b2/0x440
    ? report_bug+0x1f8/0x200
    ? handle_bug+0x3c/0x70
    ? exc_invalid_op+0x18/0x70
    ? asm_exc_invalid_op+0x1a/0x20
    ? __queue_work+0x2b2/0x440
    queue_work_on+0x28/0x30
    idxd_misc_thread+0x303/0x5a0 [idxd]
    ? __schedule+0x369/0xb40
    ? __pfx_irq_thread_fn+0x10/0x10
    ? irq_thread+0xbc/0x1b0
    irq_thread_fn+0x21/0x70
    irq_thread+0x102/0x1b0
    ? preempt_count_add+0x74/0xa0
    ? __pfx_irq_thread_dtor+0x10/0x10
    ? __pfx_irq_thread+0x10/0x10
    kthread+0x103/0x140
    ? __pfx_kthread+0x10/0x10
    ret_from_fork+0x31/0x50
    ? __pfx_kthread+0x10/0x10
    ret_from_fork_asm+0x1b/0x30
    </TASK>

The current implementation uses a spinlock to protect event log workqueue and will lead to the Call Trace due to potential task rescheduling.

To address the locking issue, convert the spinlock to mutex, allowing the drain_workqueue() to be called in a safe mutex-locked context.

This change ensures proper synchronization when accessing the event log workqueue, preventing potential Call Trace and improving the overall robustness of the code.

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.8.9-1

Affected versions

6.*

6.1.27-1
6.1.37-1
6.1.38-1
6.1.38-2~bpo11+1
6.1.38-2
6.1.38-3
6.1.38-4~bpo11+1
6.1.38-4
6.1.52-1
6.1.55-1~bpo11+1
6.1.55-1
6.1.64-1
6.1.66-1
6.1.67-1
6.1.69-1~bpo11+1
6.1.69-1
6.1.76-1~bpo11+1
6.1.76-1
6.1.82-1
6.1.85-1
6.1.90-1~bpo11+1
6.1.90-1
6.1.94-1~bpo11+1
6.1.94-1
6.1.98-1
6.1.99-1
6.1.106-1
6.1.106-2
6.1.106-3
6.3.1-1~exp1
6.3.2-1~exp1
6.3.4-1~exp1
6.3.5-1~exp1
6.3.7-1~bpo12+1
6.3.7-1
6.3.11-1
6.4~rc6-1~exp1
6.4~rc7-1~exp1
6.4.1-1~exp1
6.4.4-1~bpo12+1
6.4.4-1
6.4.4-2
6.4.4-3~bpo12+1
6.4.4-3
6.4.11-1
6.4.13-1
6.5~rc4-1~exp1
6.5~rc6-1~exp1
6.5~rc7-1~exp1
6.5.1-1~exp1
6.5.3-1~bpo12+1
6.5.3-1
6.5.6-1
6.5.8-1
6.5.10-1~bpo12+1
6.5.10-1
6.5.13-1
6.6.3-1~exp1
6.6.4-1~exp1
6.6.7-1~exp1
6.6.8-1
6.6.9-1
6.6.11-1
6.6.13-1~bpo12+1
6.6.13-1
6.6.15-1
6.6.15-2
6.7-1~exp1
6.7.1-1~exp1
6.7.4-1~exp1
6.7.7-1
6.7.9-1
6.7.9-2
6.7.12-1~bpo12+1
6.7.12-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}