cve-2024-47696
Vulnerability from cvelistv5
Published
2024-10-21 11:53
Modified
2024-12-19 09:26
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock. The call trace is as below: [ 125.350876][ T1430] Call Trace: [ 125.356281][ T1430] <TASK> [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239) [ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231) [ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339) [ 125.531837][ T1430] kthread (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430] </TASK> [ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420ePatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5
Impacted products
Vendor Product Version
Linux Linux Version: d91d253c87fd1efece521ff2612078a35af673c6
Version: 7f25f296fc9bd0435be14e89bf657cd615a23574
Version: 94ee7ff99b87435ec63211f632918dc7f44dac79
Version: 557d035fe88d78dd51664f4dc0e1896c04c97cf6
Version: dc8074b8901caabb97c2d353abd6b4e7fa5a59a5
Version: ff5bbbdee08287d75d72e65b72a2b76d9637892a
Version: ee39384ee787e86e9db4efb843818ef0ea9cb8ae
Version: aee2424246f9f1dadc33faa78990c1e2eb7826e4
Version: aee2424246f9f1dadc33faa78990c1e2eb7826e4
 Create a notification for this product.
   Linux Linux Version: 6.11
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47696",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:05:12.849051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:14:14.398Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/iwcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "da2708a19f45b4a7278adf523837c8db21d1e2b5",
              "status": "affected",
              "version": "d91d253c87fd1efece521ff2612078a35af673c6",
              "versionType": "git"
            },
            {
              "lessThan": "29b3bbd912b8db86df7a3c180b910ccb621f5635",
              "status": "affected",
              "version": "7f25f296fc9bd0435be14e89bf657cd615a23574",
              "versionType": "git"
            },
            {
              "lessThan": "2efe8da2ddbf873385b4bc55366d09350b408df6",
              "status": "affected",
              "version": "94ee7ff99b87435ec63211f632918dc7f44dac79",
              "versionType": "git"
            },
            {
              "lessThan": "da0392698c62397c19deb1b9e9bdf2fbb5a9420e",
              "status": "affected",
              "version": "557d035fe88d78dd51664f4dc0e1896c04c97cf6",
              "versionType": "git"
            },
            {
              "lessThan": "a64f30db12bdc937c5108158d98c8eab1925c548",
              "status": "affected",
              "version": "dc8074b8901caabb97c2d353abd6b4e7fa5a59a5",
              "versionType": "git"
            },
            {
              "lessThan": "8b7df76356d098f85f3bd2c7cf6fb43f531893d7",
              "status": "affected",
              "version": "ff5bbbdee08287d75d72e65b72a2b76d9637892a",
              "versionType": "git"
            },
            {
              "lessThan": "c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58",
              "status": "affected",
              "version": "ee39384ee787e86e9db4efb843818ef0ea9cb8ae",
              "versionType": "git"
            },
            {
              "lessThan": "a09dc967b3c58899e259c0aea092f421d22a0b04",
              "status": "affected",
              "version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
              "versionType": "git"
            },
            {
              "lessThan": "86dfdd8288907f03c18b7fb462e0e232c4f98d89",
              "status": "affected",
              "version": "aee2424246f9f1dadc33faa78990c1e2eb7826e4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/iwcm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.11"
            },
            {
              "lessThan": "6.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.323",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.285",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.113",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.54",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.12",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\n\nIn the commit aee2424246f9 (\"RDMA/iwcm: Fix a use-after-free related to\ndestroying CM IDs\"), the function flush_workqueue is invoked to flush the\nwork queue iwcm_wq.\n\nBut at that time, the work queue iwcm_wq was created via the function\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\n\nBecause the current process is trying to flush the whole iwcm_wq, if\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\nleading to a deadlock.\n\nThe call trace is as below:\n\n[  125.350876][ T1430] Call Trace:\n[  125.356281][ T1430]  \u003cTASK\u003e\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n[  125.566487][ T1430]  \u003c/TASK\u003e\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:26:16.864Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635"
        },
        {
          "url": "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6"
        },
        {
          "url": "https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58"
        },
        {
          "url": "https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04"
        },
        {
          "url": "https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89"
        }
      ],
      "title": "RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-47696",
    "datePublished": "2024-10-21T11:53:33.950Z",
    "dateReserved": "2024-09-30T16:00:12.942Z",
    "dateUpdated": "2024-12-19T09:26:16.864Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-47696\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-10-21T12:15:06.257\",\"lastModified\":\"2024-11-08T16:15:25.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\\n\\nIn the commit aee2424246f9 (\\\"RDMA/iwcm: Fix a use-after-free related to\\ndestroying CM IDs\\\"), the function flush_workqueue is invoked to flush the\\nwork queue iwcm_wq.\\n\\nBut at that time, the work queue iwcm_wq was created via the function\\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\\n\\nBecause the current process is trying to flush the whole iwcm_wq, if\\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\\nleading to a deadlock.\\n\\nThe call trace is as below:\\n\\n[  125.350876][ T1430] Call Trace:\\n[  125.356281][ T1430]  \u003cTASK\u003e\\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\\n[  125.566487][ T1430]  \u003c/TASK\u003e\\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency En el commit aee2424246f9 (\\\"RDMA/iwcm: Fix a use-after-free related to destroying CM IDs\\\"), se invoca la funci\u00f3n flush_workqueue para vaciar la cola de trabajo iwcm_wq. Pero en ese momento, la cola de trabajo iwcm_wq se cre\u00f3 a trav\u00e9s de la funci\u00f3n alloc_ordered_workqueue sin el indicador WQ_MEM_RECLAIM. Debido a que el proceso actual est\u00e1 intentando vaciar todo iwcm_wq, si iwcm_wq no tiene el indicador WQ_MEM_RECLAIM, verifique que el proceso actual no est\u00e9 recuperando memoria o ejecut\u00e1ndose en una cola de trabajo que no tenga el indicador WQ_MEM_RECLAIM, ya que eso puede romper la garant\u00eda de progreso hacia adelante y provocar un bloqueo. El seguimiento de la llamada es el siguiente: [ 125.350876][ T1430] Seguimiento de la llamada: [ 125.356281][ T1430]  [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminador 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminador 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminador 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (n\u00facleo/bloqueo/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (controladores/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (controladores/nvme/host/rdma.c:656 controladores/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (controladores/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] proceso_uno_trabajo (kernel/workqueue.c:3231) [ 125.515122][ T1430] subproceso_de_trabajo (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_subproceso_de_trabajo (kernel/workqueue.c:3339) [ 125.531837][ T1430] subproceso_de_trabajo (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430]  [ 125.566488][ T1430] ---[ fin de seguimiento 000000000000000 ]---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.19.320\",\"versionEndExcluding\":\"5.4\",\"matchCriteriaId\":\"F09E537F-AD7C-4CDD-94C7-982AB40F0250\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.4.282\",\"versionEndExcluding\":\"5.10\",\"matchCriteriaId\":\"90BDC6BE-7108-4153-B444-9458B801A490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.10.224\",\"versionEndExcluding\":\"5.10.227\",\"matchCriteriaId\":\"7E8BD058-58ED-4814-A074-86C0143050D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.15.165\",\"versionEndExcluding\":\"5.15.168\",\"matchCriteriaId\":\"7C1D9631-2FF8-491B-B364-0C17573AE285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.103\",\"versionEndExcluding\":\"6.1.113\",\"matchCriteriaId\":\"B972EDA4-04F8-4699-8D9D-A5DC02BE8618\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.6.44\",\"versionEndExcluding\":\"6.6.54\",\"matchCriteriaId\":\"120EDEE6-5DF3-41B7-B899-A20906FEC9A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.10.3\",\"versionEndExcluding\":\"6.10.13\",\"matchCriteriaId\":\"6C8722B8-BE3E-4B88-AA44-E3441523B260\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.11\",\"versionEndExcluding\":\"6.11.2\",\"matchCriteriaId\":\"AB755D26-97F4-43B6-8604-CD076811E181\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-47696\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T13:05:12.849051Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T13:05:15.991Z\"}}], \"cna\": {\"title\": \"RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"d91d253c87fd1efece521ff2612078a35af673c6\", \"lessThan\": \"da2708a19f45b4a7278adf523837c8db21d1e2b5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"7f25f296fc9bd0435be14e89bf657cd615a23574\", \"lessThan\": \"29b3bbd912b8db86df7a3c180b910ccb621f5635\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"94ee7ff99b87435ec63211f632918dc7f44dac79\", \"lessThan\": \"2efe8da2ddbf873385b4bc55366d09350b408df6\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"557d035fe88d78dd51664f4dc0e1896c04c97cf6\", \"lessThan\": \"da0392698c62397c19deb1b9e9bdf2fbb5a9420e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"dc8074b8901caabb97c2d353abd6b4e7fa5a59a5\", \"lessThan\": \"a64f30db12bdc937c5108158d98c8eab1925c548\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ff5bbbdee08287d75d72e65b72a2b76d9637892a\", \"lessThan\": \"8b7df76356d098f85f3bd2c7cf6fb43f531893d7\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"ee39384ee787e86e9db4efb843818ef0ea9cb8ae\", \"lessThan\": \"c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"aee2424246f9f1dadc33faa78990c1e2eb7826e4\", \"lessThan\": \"a09dc967b3c58899e259c0aea092f421d22a0b04\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"aee2424246f9f1dadc33faa78990c1e2eb7826e4\", \"lessThan\": \"86dfdd8288907f03c18b7fb462e0e232c4f98d89\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/infiniband/core/iwcm.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.11\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.11\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.323\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.285\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.227\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.168\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.113\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.54\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.10.13\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/infiniband/core/iwcm.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5\"}, {\"url\": \"https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635\"}, {\"url\": \"https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6\"}, {\"url\": \"https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e\"}, {\"url\": \"https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548\"}, {\"url\": \"https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7\"}, {\"url\": \"https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58\"}, {\"url\": \"https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04\"}, {\"url\": \"https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency\\n\\nIn the commit aee2424246f9 (\\\"RDMA/iwcm: Fix a use-after-free related to\\ndestroying CM IDs\\\"), the function flush_workqueue is invoked to flush the\\nwork queue iwcm_wq.\\n\\nBut at that time, the work queue iwcm_wq was created via the function\\nalloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.\\n\\nBecause the current process is trying to flush the whole iwcm_wq, if\\niwcm_wq doesn\u0027t have the flag WQ_MEM_RECLAIM, verify that the current\\nprocess is not reclaiming memory or running on a workqueue which doesn\u0027t\\nhave the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee\\nleading to a deadlock.\\n\\nThe call trace is as below:\\n\\n[  125.350876][ T1430] Call Trace:\\n[  125.356281][ T1430]  \u003cTASK\u003e\\n[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)\\n[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)\\n[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)\\n[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\\n[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)\\n[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))\\n[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)\\n[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)\\n[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm\\n[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)\\n[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)\\n[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)\\n[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm\\n[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma\\n[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma\\n[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)\\n[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)\\n[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)\\n[ 125.531837][ T1430] kthread (kernel/kthread.c:389)\\n[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)\\n[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)\\n[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\\n[  125.566487][ T1430]  \u003c/TASK\u003e\\n[  125.566488][ T1430] ---[ end trace 0000000000000000 ]---\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T09:26:16.864Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-47696\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T09:26:16.864Z\", \"dateReserved\": \"2024-09-30T16:00:12.942Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-10-21T11:53:33.950Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.