CVE-2024-57891 – Linux Kernel – Unpredictable IRQ Restoration Vulnerability in Sched Ext

The following table lists the changes that have been made to the
CVE-2024-57891 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jan. 15, 2025

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved:

    sched_ext: Fix invalid irq restore in scx_ops_bypass()

    While adding outer irqsave/restore locking, 0e7ffff1b811 (“scx: Fix raciness
    in scx_ops_bypass()”) forgot to convert an inner rq_unlock_irqrestore() to
    rq_unlock() which could re-enable IRQ prematurely leading to the following
    warning:

    raw_local_irq_restore() called with IRQs enabled
    WARNING: CPU: 1 PID: 96 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40

    Sched_ext: create_dsq (enabling)
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : warn_bogus_irq_restore+0x30/0x40
    lr : warn_bogus_irq_restore+0x30/0x40

    Call trace:
    warn_bogus_irq_restore+0x30/0x40 (P)
    warn_bogus_irq_restore+0x30/0x40 (L)
    scx_ops_bypass+0x224/0x3b8
    scx_ops_enable.isra.0+0x2c8/0xaa8
    bpf_scx_reg+0x18/0x30

    irq event stamp: 33739
    hardirqs last enabled at (33739): [] scx_ops_bypass+0x174/0x3b8
    hardirqs last disabled at (33738): [] _raw_spin_lock_irqsave+0xb4/0xd8

    Drop the stray _irqrestore().

    Added Reference https://git.kernel.org/stable/c/18b2093f4598d8ee67a8153badc93f0fa7686b8a
    Added Reference https://git.kernel.org/stable/c/786362ce60d79967875f43e0ba55ad7a5376c133
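
A userspace C model of the nesting problem the description above refers to, added here as an illustration and not taken from the kernel source or the fix commits. All function and variable names are hypothetical, and passing "IRQs on" as the inner restore's flags is an assumption of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model state: one CPU's IRQ-enable bit plus a counter for bogus restores. */
static bool irqs_enabled = true;
static int bogus_restore_warnings;

/* Models an irqsave: return the previous state and disable IRQs. */
static bool model_irq_save(void)
{
    bool flags = irqs_enabled;
    irqs_enabled = false;
    return flags;
}

/* Models an irqrestore: count a warning when IRQs are already on. */
static void model_irq_restore(bool flags)
{
    if (irqs_enabled)
        bogus_restore_warnings++;
    irqs_enabled = flags;
}

/* Returns how many iterations ended with IRQs on inside the outer section. */
static int run_bypass(int ncpus, bool fixed)
{
    int exposed = 0;
    irqs_enabled = true;
    bogus_restore_warnings = 0;
    bool outer = model_irq_save();       /* outer irqsave */
    for (int cpu = 0; cpu < ncpus; cpu++) {
        /* inner lock taken here without touching IRQ state */
        if (!fixed)                      /* fixed variant: plain inner unlock */
            model_irq_restore(true);     /* stray inner _irqrestore (assumed flags) */
        if (irqs_enabled)
            exposed++;
    }
    model_irq_restore(outer);            /* outer irqrestore */
    return exposed;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        int exposed = run_bypass(2, fixed);
        printf("fixed=%d exposed=%d warnings=%d\n", fixed, exposed, bogus_restore_warnings);
    }
    return 0;
}
```

In the unfixed variant the outer restore always runs with IRQs already enabled, which is the condition the quoted warning reports.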