cve-2024-47696
Vulnerability from cvelistv5
Published
2024-10-21 11:53
Modified
2024-12-19 09:26
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock. The call trace is as below: [ 125.350876][ T1430] Call Trace: [ 125.356281][ T1430] <TASK> [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239) [ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231) [ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339) [ 125.531837][ T1430] kthread (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430] </TASK> [ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5
Impacted products
Vendor Product Version
Linux Linux Version: d91d253c87fd1efece521ff2612078a35af673c6
Version: 7f25f296fc9bd0435be14e89bf657cd615a23574
Version: 94ee7ff99b87435ec63211f632918dc7f44dac79
Version: 557d035fe88d78dd51664f4dc0e1896c04c97cf6
Version: dc8074b8901caabb97c2d353abd6b4e7fa5a59a5
Version: ff5bbbdee08287d75d72e65b72a2b76d9637892a
Version: ee39384ee787e86e9db4efb843818ef0ea9cb8ae
Version: aee2424246f9f1dadc33faa78990c1e2eb7826e4
Version: aee2424246f9f1dadc33faa78990c1e2eb7826e4
 Create a notification for this product.
   Linux Linux Version: 6.11
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-47696",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T13:05:12.849051Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T13:14:14.398Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Linux",
               programFiles: [
                  "drivers/infiniband/core/iwcm.c",
               ],
               repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               vendor: "Linux",
               versions: [
                  {
                     lessThan: "da2708a19f45b4a7278adf523837c8db21d1e2b5",
                     status: "affected",
                     version: "d91d253c87fd1efece521ff2612078a35af673c6",
                     versionType: "git",
                  },
                  {
                     lessThan: "29b3bbd912b8db86df7a3c180b910ccb621f5635",
                     status: "affected",
                     version: "7f25f296fc9bd0435be14e89bf657cd615a23574",
                     versionType: "git",
                  },
                  {
                     lessThan: "2efe8da2ddbf873385b4bc55366d09350b408df6",
                     status: "affected",
                     version: "94ee7ff99b87435ec63211f632918dc7f44dac79",
                     versionType: "git",
                  },
                  {
                     lessThan: "da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
                     status: "affected",
                     version: "557d035fe88d78dd51664f4dc0e1896c04c97cf6",
                     versionType: "git",
                  },
                  {
                     lessThan: "a64f30db12bdc937c5108158d98c8eab1925c548",
                     status: "affected",
                     version: "dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
                     versionType: "git",
                  },
                  {
                     lessThan: "8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
                     status: "affected",
                     version: "ff5bbbdee08287d75d72e65b72a2b76d9637892a",
                     versionType: "git",
                  },
                  {
                     lessThan: "c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
                     status: "affected",
                     version: "ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
                     versionType: "git",
                  },
                  {
                     lessThan: "a09dc967b3c58899e259c0aea092f421d22a0b04",
                     status: "affected",
                     version: "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
                     versionType: "git",
                  },
                  {
                     lessThan: "86dfdd8288907f03c18b7fb462e0e232c4f98d89",
                     status: "affected",
                     version: "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
                     versionType: "git",
                  },
               ],
            },
            {
               defaultStatus: "affected",
               product: "Linux",
               programFiles: [
                  "drivers/infiniband/core/iwcm.c",
               ],
               repo: "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
               vendor: "Linux",
               versions: [
                  {
                     status: "affected",
                     version: "6.11",
                  },
                  {
                     lessThan: "6.11",
                     status: "unaffected",
                     version: "0",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "4.19.*",
                     status: "unaffected",
                     version: "4.19.323",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "5.4.*",
                     status: "unaffected",
                     version: "5.4.285",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "5.10.*",
                     status: "unaffected",
                     version: "5.10.227",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "5.15.*",
                     status: "unaffected",
                     version: "5.15.168",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.1.*",
                     status: "unaffected",
                     version: "6.1.113",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.6.*",
                     status: "unaffected",
                     version: "6.6.54",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.10.*",
                     status: "unaffected",
                     version: "6.10.13",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "6.11.*",
                     status: "unaffected",
                     version: "6.11.2",
                     versionType: "semver",
                  },
                  {
                     lessThanOrEqual: "*",
                     status: "unaffected",
                     version: "6.12",
                     versionType: "original_commit_for_fix",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn't\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[  125.350876][ T1430] Call Trace:\n[  125.356281][ T1430]  <TASK>\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[  125.566487][ T1430]  </TASK>\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---",
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-12-19T09:26:16.864Z",
            orgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
            shortName: "Linux",
         },
         references: [
            {
               url: "https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5",
            },
            {
               url: "https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635",
            },
            {
               url: "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6",
            },
            {
               url: "https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
            },
            {
               url: "https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548",
            },
            {
               url: "https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
            },
            {
               url: "https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
            },
            {
               url: "https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04",
            },
            {
               url: "https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89",
            },
         ],
         title: "RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency",
         x_generator: {
            engine: "bippy-5f407fcff5a0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      assignerShortName: "Linux",
      cveId: "CVE-2024-47696",
      datePublished: "2024-10-21T11:53:33.950Z",
      dateReserved: "2024-09-30T16:00:12.942Z",
      dateUpdated: "2024-12-19T09:26:16.864Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2024-47696\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T12:15:06.257\",\"lastModified\":\"2024-11-08T16:15:25.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\\n\\nIn the commit aee2424246f9 (\\\"RDMA/iwcm: Fix a use-after-free related to\\ndestroying CM IDs\\\"), the function flush_workqueue is invoked to flush the\\nwork queue iwcm_wq.\\n\\nBut at that time, the work queue iwcm_wq was created via the function\\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\\n\\nBecause the current process is trying to flush the whole iwcm_wq, if\\niwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current\\nprocess is not reclaiming memory or running on a workqueue which doesn't\\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\\nleading to a deadlock.\\n\\nThe call trace is as below:\\n\\n[  125.350876][ T1430] Call Trace:\\n[  125.356281][ T1430]  <TASK>\\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\\n[  125.566487][ T1430]  </TASK>\\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency En el commit aee2424246f9 (\\\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\\\"), se invoca la función flush_workqueue para vaciar la cola de trabajo iwcm_wq. Pero en ese momento, la cola de trabajo iwcm_wq se creó a través de la función alloc_ordered_workqueue sin el indicador WQ_MEM_RECLAIM. Debido a que el proceso actual está intentando vaciar todo iwcm_wq, si iwcm_wq no tiene el indicador WQ_MEM_RECLAIM, verifique que el proceso actual no esté recuperando memoria o ejecutándose en una cola de trabajo que no tenga el indicador WQ_MEM_RECLAIM, ya que eso puede romper la garantía de progreso hacia adelante y provocar un bloqueo. El seguimiento de la llamada es el siguiente: [ 125.350876][ T1430] Seguimiento de la llamada: [ 125.356281][ T1430]  [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminador 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminador 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminador 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (núcleo/bloqueo/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (controladores/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (controladores/nvme/host/rdma.c:656 controladores/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (controladores/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] proceso_uno_trabajo (kernel/workqueue.c:3231) [ 125.515122][ T1430] subproceso_de_trabajo (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_subproceso_de_trabajo (kernel/workqueue.c:3339) [ 125.531837][ T1430] subproceso_de_trabajo (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430]  [ 125.566488][ T1430] ---[ fin de seguimiento 000000000000000 ]---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.320\",\"versionEndExcluding\":\"5.4\",\"matchCriteriaId\":\"F09E537F-AD7C-4CDD-94C7-982AB40F0250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.282\",\"versionEndExcluding\":\"5.10\",\"matchCriteriaId\":\"90BDC6BE-7108-4153-B444-9458B801A490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.224\",\"versionEndExcluding\":\"5.10.227\",\"matchCriteriaId\":\"7E8BD058-58ED-4814-A074-86C0143050D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.165\",\"versionEndExcluding\":\"5.15.168\",\"matchCriteriaId\":\"7C1D9631-2FF8-491B-B364-0C17573AE285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.103\",\"versionEndExcluding\":\"6.1.113\",\"matchCriteriaId\":\"B972EDA4-04F8-4699-8D9D-A5DC02BE8618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.44\",\"versionEndExcluding\":\"6.6.54\",\"matchCriteriaId\":\"120EDEE6-5DF3-41B7-B899-A20906FEC9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10.3\",\"versionEndExcluding\":\"6.10.13\",\"matchCriteriaId\":\"6C8722B8-BE3E-4B88-AA44-E3441523B260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.11\",\"versionEndExcluding\":\"6.11.2\",\"matchCriteriaId\":\"AB755D26-97F4-43B6-8604-CD076811E181\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47696\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T13:05:12.849051Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T13:05:15.991Z\"}}], \"cna\": {\"title\": \"RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"d91d253c87fd1efece521ff2612078a35af673c6\", \"lessThan\": \"da2708a19f45b4a7278adf523837c8db21d1e2b5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f25f296fc9bd0435be14e89bf657cd615a23574\", \"lessThan\": \"29b3bbd912b8db86df7a3c180b910ccb621f5635\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"94ee7ff99b87435ec63211f632918dc7f44dac79\", \"lessThan\": \"2efe8da2ddbf873385b4bc55366d09350b408df6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"557d035fe88d78dd51664f4dc0e1896c04c97cf6\", \"lessThan\": \"da0392698c62397c19deb1b9e9bdf2fbb5a9420e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dc8074b8901caabb97c2d353abd6b4e7fa5a59a5\", \"lessThan\": \"a64f30db12bdc937c5108158d98c8eab1925c548\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ff5bbbdee08287d75d72e65b72a2b76d9637892a\", \"lessThan\": \"8b7df76356d098f85f3bd2c7cf6fb43f531893d7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ee39384ee787e86e9db4efb843818ef0ea9cb8ae\", \"lessThan\": \"c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"aee2424246f9f1dadc33faa78990c1e2eb7826e4\", \"lessThan\": \"a09dc967b3c58899e259c0aea092f421d22a0b04\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"aee2424246f9f1dadc33faa78990c1e2eb7826e4\", \"lessThan\": \"86dfdd8288907f03c18b7fb462e0e232c4f98d89\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/infiniband/core/iwcm.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.323\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.285\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.227\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.168\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.113\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.54\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/infiniband/core/iwcm.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5\"}, {\"url\": \"https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635\"}, {\"url\": \"https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6\"}, {\"url\": \"https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e\"}, {\"url\": \"https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548\"}, {\"url\": \"https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7\"}, {\"url\": \"https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58\"}, {\"url\": \"https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04\"}, {\"url\": \"https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\\n\\nIn the commit aee2424246f9 (\\\"RDMA/iwcm: Fix a use-after-free related to\\ndestroying CM IDs\\\"), the function flush_workqueue is invoked to flush the\\nwork queue iwcm_wq.\\n\\nBut at that time, the work queue iwcm_wq was created via the function\\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\\n\\nBecause the current process is trying to flush the whole iwcm_wq, if\\niwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current\\nprocess is not reclaiming memory or running on a workqueue which doesn't\\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\\nleading to a deadlock.\\n\\nThe call trace is as below:\\n\\n[  125.350876][ T1430] Call Trace:\\n[  125.356281][ T1430]  <TASK>\\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\\n[  125.566487][ T1430]  </TASK>\\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T09:26:16.864Z\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2024-47696\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T09:26:16.864Z\", \"dateReserved\": \"2024-09-30T16:00:12.942Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-21T11:53:33.950Z\", \"assignerShortName\": \"Linux\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.