ghsa-2gvh-vj62-qjmp
Vulnerability from github
Published
2024-10-21 18:30
Modified
2025-01-02 15:31
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details

In the Linux kernel, the following vulnerability has been resolved:

rcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()

For kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is defined as NR_CPUS instead of the number of possible cpus, this will cause the following system panic:

smpboot: Allowing 4 CPUs, 0 hotplug CPUs ... setup_percpu: NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:512 nr_node_ids:1 ... BUG: unable to handle page fault for address: ffffffff9911c8c8 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 15 Comm: rcu_tasks_trace Tainted: G W 6.6.21 #1 5dc7acf91a5e8e9ac9dcfc35bee0245691283ea6 RIP: 0010:rcu_tasks_need_gpcb+0x25d/0x2c0 RSP: 0018:ffffa371c00a3e60 EFLAGS: 00010082 CR2: ffffffff9911c8c8 CR3: 000000040fa20005 CR4: 00000000001706f0 Call Trace: ? __die+0x23/0x80 ? page_fault_oops+0xa4/0x180 ? exc_page_fault+0x152/0x180 ? asm_exc_page_fault+0x26/0x40 ? rcu_tasks_need_gpcb+0x25d/0x2c0 ? __pfx_rcu_tasks_kthread+0x40/0x40 rcu_tasks_one_gp+0x69/0x180 rcu_tasks_kthread+0x94/0xc0 kthread+0xe8/0x140 ? __pfx_kthread+0x40/0x40 ret_from_fork+0x34/0x80 ? __pfx_kthread+0x40/0x40 ret_from_fork_asm+0x1b/0x80

Considering that there may be holes in the CPU numbers, use the maximum possible cpu number, instead of nr_cpu_ids, for configuring enqueue and dequeue limits.

[ neeraj.upadhyay: Fix htmldocs build error reported by Stephen Rothwell ]

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2024-49926"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-21T18:15:14Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu-tasks: Fix access non-existent percpu rtpcp variable in rcu_tasks_need_gpcb()\n\nFor kernels built with CONFIG_FORCE_NR_CPUS=y, the nr_cpu_ids is\ndefined as NR_CPUS instead of the number of possible cpus, this\nwill cause the following system panic:\n\nsmpboot: Allowing 4 CPUs, 0 hotplug CPUs\n...\nsetup_percpu: NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:512 nr_node_ids:1\n...\nBUG: unable to handle page fault for address: ffffffff9911c8c8\nOops: 0000 [#1] PREEMPT SMP PTI\nCPU: 0 PID: 15 Comm: rcu_tasks_trace Tainted: G W\n6.6.21 #1 5dc7acf91a5e8e9ac9dcfc35bee0245691283ea6\nRIP: 0010:rcu_tasks_need_gpcb+0x25d/0x2c0\nRSP: 0018:ffffa371c00a3e60 EFLAGS: 00010082\nCR2: ffffffff9911c8c8 CR3: 000000040fa20005 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\n? __die+0x23/0x80\n? page_fault_oops+0xa4/0x180\n? exc_page_fault+0x152/0x180\n? asm_exc_page_fault+0x26/0x40\n? rcu_tasks_need_gpcb+0x25d/0x2c0\n? __pfx_rcu_tasks_kthread+0x40/0x40\nrcu_tasks_one_gp+0x69/0x180\nrcu_tasks_kthread+0x94/0xc0\nkthread+0xe8/0x140\n? __pfx_kthread+0x40/0x40\nret_from_fork+0x34/0x80\n? __pfx_kthread+0x40/0x40\nret_from_fork_asm+0x1b/0x80\n\u003c/TASK\u003e\n\nConsidering that there may be holes in the CPU numbers, use the\nmaximum possible cpu number, instead of nr_cpu_ids, for configuring\nenqueue and dequeue limits.\n\n[ neeraj.upadhyay: Fix htmldocs build error reported by Stephen Rothwell ]",
  "id": "GHSA-2gvh-vj62-qjmp",
  "modified": "2025-01-02T15:31:57Z",
  "published": "2024-10-21T18:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49926"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/05095271a4fb0f6497121a057f9a2edf386d5d96"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/224fd631c41b81697aa622d38615bfbf446b91cf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3104bddc666ff64b90491868bbc4c7ebdd90aedf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/acddb87620142f38fda834cd1ec661512ca59241"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/b3b2431ed27f4ebc28e26cdf005c1de42dc60bdf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/fd70e9f1d85f5323096ad313ba73f5fe3d15ea41"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.