CVE-2024-57951
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-57951
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-57951.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-57951
- Downstream
- Published
- 2025-02-12T13:27:53Z
- Modified
- 2025-10-15T22:23:05.269325Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- hrtimers: Handle CPU state correctly on hotplug
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
hrtimers: Handle CPU state correctly on hotplug
Consider a scenario where a CPU transitions from CPUHPONLINE to halfway through a CPU hotunplug down to CPUHPHRTIMERSPREPARE, and then back to CPUHPONLINE:
Since hrtimerspreparecpu() does not run, cpubase.hresactive remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHPAPTICKDYING. On return to the online state, for instance CFS incorrectly assumes that the hrtick is already active, and the chance of the clockevent device to transition to oneshot mode is also lost forever for the CPU, unless it goes back to a lower state than CPUHPHRTIMERS_PREPARE once.
This round-trip reveals another issue; cpubase.online is not set to 1 after the transition, which appears as a WARNONONCE in enqueuehrtimer().
Aside of that, the bulk of the per CPU state is not reset either, which means there are dangling pointers in the worst case.
Address this by adding a corresponding startup() callback, which resets the stale per CPU state and sets the online flag.
[ tglx: Make the new callback unconditionally available, remove the online modification in the prepare() callback and clear the remaining state in the starting callback instead of the prepare callback ]
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7
- https://git.kernel.org/stable/c/15b453db41d36184cf0ccc21e7df624014ab6a1a
- https://git.kernel.org/stable/c/2f8dea1692eef2b7ba6a256246ed82c365fdc686
- https://git.kernel.org/stable/c/38492f6ee883c7b1d33338bf531a62cff69b4b28
- https://git.kernel.org/stable/c/3d41dbf82e10c44e53ea602398ab002baec27e75
- https://git.kernel.org/stable/c/95e4f62df23f4df1ce6ef897d44b8e23c260921a
- https://git.kernel.org/stable/c/a5cbbea145b400e40540c34816d16d36e0374fbc
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced54d0d83a53508d687fd4a225f8aa1f18559562d0Fixed95e4f62df23f4df1ce6ef897d44b8e23c260921a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7f4c89400d2997939f6971c7981cc780a219e36bFixed14984139f1f2768883332965db566ef26db609e7
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced6fcbcc6c8e52650749692c7613cbe71bf601670dFixed15b453db41d36184cf0ccc21e7df624014ab6a1a
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced75b5016ce325f1ef9c63e5398a1064cf8a7a7354Fixed3d41dbf82e10c44e53ea602398ab002baec27e75
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced53f408cad05bb987af860af22f4151e5a18e6ee8Fixeda5cbbea145b400e40540c34816d16d36e0374fbc
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94Fixed38492f6ee883c7b1d33338bf531a62cff69b4b28
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced5c0930ccaad5a74d74e8b18b648c5eb21ed2fe94Fixed2f8dea1692eef2b7ba6a256246ed82c365fdc686
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced9a2fc41acb69dd4e2a58d0c04346c3333c2341fc
Affected versions
v4.*
v4.19.302
v4.19.303
v4.19.304
v4.19.305
v4.19.306
v4.19.307
v4.19.308
v4.19.309
v4.19.310
v4.19.311
v4.19.312
v4.19.313
v4.19.314
v4.19.315
v4.19.316
v4.19.317
v4.19.318
v4.19.319
v4.19.320
v4.19.321
v4.19.322
v4.19.323
v4.19.324
v4.19.325
v5.*
v5.10.204
v5.10.205
v5.10.206
v5.10.207
v5.10.208
v5.10.209
v5.10.210
v5.10.211
v5.10.212
v5.10.213
v5.10.214
v5.10.215
v5.10.216
v5.10.217
v5.10.218
v5.10.219
v5.10.220
v5.10.221
v5.10.222
v5.10.223
v5.10.224
v5.10.225
v5.10.226
v5.10.227
v5.10.228
v5.10.229
v5.10.230
v5.10.231
v5.10.232
v5.10.233
v5.15.143
v5.15.144
v5.15.145
v5.15.146
v5.15.147
v5.15.148
v5.15.149
v5.15.150
v5.15.151
v5.15.152
v5.15.153
v5.15.154
v5.15.155
v5.15.156
v5.15.157
v5.15.158
v5.15.159
v5.15.160
v5.15.161
v5.15.162
v5.15.163
v5.15.164
v5.15.165
v5.15.166
v5.15.167
v5.15.168
v5.15.169
v5.15.170
v5.15.171
v5.15.172
v5.15.173
v5.15.174
v5.15.175
v5.15.176
v5.4.264
v5.4.265
v5.4.266
v5.4.267
v5.4.268
v5.4.269
v5.4.270
v5.4.271
v5.4.272
v5.4.273
v5.4.274
v5.4.275
v5.4.276
v5.4.277
v5.4.278
v5.4.279
v5.4.280
v5.4.281
v5.4.282
v5.4.283
v5.4.284
v5.4.285
v5.4.286
v5.4.287
v5.4.288
v5.4.289
v6.*
v6.1.100
v6.1.101
v6.1.102
v6.1.103
v6.1.104
v6.1.105
v6.1.106
v6.1.107
v6.1.108
v6.1.109
v6.1.110
v6.1.111
v6.1.112
v6.1.113
v6.1.114
v6.1.115
v6.1.116
v6.1.117
v6.1.118
v6.1.119
v6.1.120
v6.1.121
v6.1.122
v6.1.123
v6.1.124
v6.1.125
v6.1.126
v6.1.68
v6.1.69
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.78
v6.1.79
v6.1.80
v6.1.81
v6.1.82
v6.1.83
v6.1.84
v6.1.85
v6.1.86
v6.1.87
v6.1.88
v6.1.89
v6.1.90
v6.1.91
v6.1.92
v6.1.93
v6.1.94
v6.1.95
v6.1.96
v6.1.97
v6.1.98
v6.1.99
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.2
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.4.290
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.234
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.177
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.127
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.74
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.11