CVE-2024-35989
Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutex_lock+0x2e/0x50 ... Call Trace: <TASK> __die+0x24/0x70 page_fault_oops+0x82/0x160 do_user_addr_fault+0x65/0x6b0 __pfx___rdmsr_safe_on_cpu+0x10/0x10 exc_page_fault+0x7d/0x170 asm_exc_page_fault+0x26/0x30 mutex_lock+0x2e/0x50 mutex_lock+0x1e/0x50 perf_pmu_migrate_context+0x87/0x1f0 perf_event_cpu_offline+0x76/0x90 [idxd] cpuhp_invoke_callback+0xa2/0x4f0 __pfx_perf_event_cpu_offline+0x10/0x10 [idxd] cpuhp_thread_fun+0x98/0x150 smpboot_thread_fn+0x27/0x260 smpboot_thread_fn+0x1af/0x260 __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x103/0x140 __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 <TASK> Fix the issue by preventing the migration of the perf context to an invalid target.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Description kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 8kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10RHSA-2024:70012024-09-24T00:00:00Z Red Hat Enterprise Linux 8kernel-0:4.18.0-553.22.1.el8_10RHSA-2024:70002024-09-24T00:00:00Z Redβ¦
Description
kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
CVSS v3: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10 | RHSA-2024:7001 | 2024-09-24T00:00:00Z |
| Red Hat Enterprise Linux 8 | kernel-0:4.18.0-553.22.1.el8_10 | RHSA-2024:7000 | 2024-09-24T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.40.1.el9_4 | RHSA-2024:8162 | 2024-10-16T00:00:00Z |
| Red Hat Enterprise Linux 9 | kernel-0:5.14.0-427.40.1.el9_4 | RHSA-2024:8162 | 2024-10-16T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel | Not affected |
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected |
| Red Hat Enterprise Linux 9 | kernel-rt | Affected |
Apply commands
yum update -y kernel-rt
# or:
dnf upgrade -y kernel-rtAffected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| β | Affected | β |
AlmaLinux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | kernel-debug-devel-matched-5.14.0-427.40.1.el9_4.aarch64.rpm |
| 8 | Fixed | kernel-abi-stablelists-4.18.0-553.22.1.el8_10.noarch.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 6.8.9-1 |
| sid | Fixed | 6.8.9-1 |
| forky | Fixed | 6.8.9-1 |
| bullseye | Fixed | 0 |
| bookworm | Fixed | 6.1.90-1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | β |
| 8 | Fixed | β |
References
- https://access.redhat.com/errata/RHSA-2024:8162
- https://errata.rockylinux.org/RLSA-2024:7000
- https://errata.rockylinux.org/RLSA-2024:7001
- https://www.suse.com/security/cve/CVE-2024-35989.html
- https://errata.rockylinux.org/RLSA-2024:8162
- https://security-tracker.debian.org/tracker/CVE-2024-35989
- https://access.redhat.com/errata/RHSA-2024:7000
- https://bugzilla.redhat.com/2258012
- https://bugzilla.redhat.com/2258013
- https://bugzilla.redhat.com/2260038
- https://bugzilla.redhat.com/2265799
- https://bugzilla.redhat.com/2265838
- https://bugzilla.redhat.com/2266358
- https://bugzilla.redhat.com/2266750
- https://bugzilla.redhat.com/2267036
- https://bugzilla.redhat.com/2267041
- https://bugzilla.redhat.com/2267795
- https://bugzilla.redhat.com/2267916
- https://bugzilla.redhat.com/2267925
- https://bugzilla.redhat.com/2268295
- https://bugzilla.redhat.com/2270103
- https://bugzilla.redhat.com/2271648
- https://bugzilla.redhat.com/2271796
- https://bugzilla.redhat.com/2272793
- https://bugzilla.redhat.com/2273141
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.