Home

CVE-2024-26987

Description

In the Linux kernel, the following vulnerability has been resolved:mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabledWhen I did hard offline test with hugetlb pages, below deadlock occurs:======================================================WARNING: possible circular locking dependency detected6.8.0-11409-gf6cef5f8c37f #1 Not tainted------------------------------------------------------bash/46904 is trying to acquire lock:ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60but task is already holding lock:ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40which lock already depends on the new lock.the existing dependency chain (in reverse order) is:-> #1 (pcp_batch_high_lock){+.+.}-{3:3}: __mutex_lock+0x6c/0x770 page_alloc_cpu_online+0x3c/0x70 cpuhp_invoke_callback+0x397/0x5f0 __cpuhp_invoke_callback_range+0x71/0xe0 _cpu_up+0xeb/0x210 cpu_up+0x91/0xe0 cpuhp_bringup_mask+0x49/0xb0 bringup_nonboot_cpus+0xb7/0xe0 smp_init+0x25/0xa0 kernel_init_freeable+0x15f/0x3e0 kernel_init+0x15/0x1b0 ret_from_fork+0x2f/0x50 ret_from_fork_asm+0x1a/0x30-> #0 (cpu_hotplug_lock){++++}-{0:0}: __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75other info that might help us debug this: Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(pcp_batch_high_lock); lock(cpu_hotplug_lock); lock(pcp_batch_high_lock); rlock(cpu_hotplug_lock); *** DEADLOCK ***5 locks held by bash/46904: #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40stack backtrace:CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014Call Trace: dump_stack_lvl+0x68/0xa0 check_noncircular+0x129/0x140 __lock_acquire+0x1298/0x1cd0 lock_acquire+0xc0/0x2b0 cpus_read_lock+0x2a/0xc0 static_key_slow_dec+0x16/0x60 __hugetlb_vmemmap_restore_folio+0x1b9/0x200 dissolve_free_huge_page+0x211/0x260 __page_handle_poison+0x45/0xc0 memory_failure+0x65e/0xc70 hard_offline_page_store+0x55/0xa0 kernfs_fop_write_iter+0x12c/0x1d0 vfs_write+0x387/0x550 ksys_write+0x64/0xe0 do_syscall_64+0xca/0x1e0 entry_SYSCALL_64_after_hwframe+0x6d/0x75RIP: 0033:0x7fc862314887Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffffR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000cR13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00In short, below scene breaks the ---truncated---

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.017

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in IBM Security Guardium 12.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 12.1Windows
Linux kernel (USN-6893-1) linux-image-6.8.0-1007-intel_6.8.0-1007.14_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-1008-ibm_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-1008-oem_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-1010-azure_6.8.0-1010.10_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-1010-azure-fde_6.8.0-1010.10_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-1010-gcp_6.8.0-1010.11_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-38-generic_6.8.0-38.38_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-6.8.0-38-lowlatency_6.8.0-38.38.1_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-azure_6.8.0-1010.10_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-azure-fde_6.8.0-1010.10_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-gcp_6.8.0-1010.11_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-generic_6.8.0-38.38_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-generic-hwe-24.04_6.8.0-38.38_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-ibm_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-ibm-classic_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-ibm-lts-24.04_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-intel_6.8.0-1007.14_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-kvm_6.8.0-38.38_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-lowlatency_6.8.0-38.38.1_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-oem-24.04_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-oem-24.04a_6.8.0-1008.8_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-virtual_6.8.0-38.38_amd64.debLinux
Linux kernel (USN-6893-1) linux-image-virtual-hwe-24.04_6.8.0-38.38_amd64.debLinux
Linux kernel for Google Container Engine (GKE) systems (USN-6893-2) linux-image-6.8.0-1006-gke_6.8.0-1006.9_amd64.debLinux
Linux kernel for Google Container Engine (GKE) systems (USN-6893-2) linux-image-6.8.0-1009-nvidia_6.8.0-1009.9_amd64.debLinux
Linux kernel for Google Container Engine (GKE) systems (USN-6893-2) linux-image-gke_6.8.0-1006.9_amd64.debLinux
Linux kernel for Google Container Engine (GKE) systems (USN-6893-2) linux-image-nvidia_6.8.0-1009.9_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-6893-3) linux-image-6.8.0-1011-aws_6.8.0-1011.12_amd64.debLinux
Linux kernel for Amazon Web Services (AWS) systems (USN-6893-3) linux-image-aws_6.8.0-1011.12_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-6918-1) linux-image-6.8.0-1008-oracle_6.8.0-1008.8_amd64.debLinux
Linux kernel for Oracle Cloud systems (USN-6918-1) linux-image-oracle_6.8.0-1008.8_amd64.debLinux
kernel Security Update (ALAS-2024-695) kernel-livepatch-6.1.90-99.173-1.0-0.amzn2023.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update rv-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update rtla-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update python3-perf-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update perf-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-uki-virt-addons-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-uki-virt-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-tools-libs-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-tools-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-modules-extra-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-modules-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-modules-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-headers-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-doc-5.14.0-503.11.1.el9_5.noarch.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-devel-matched-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-devel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-uki-virt-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-modules-extra-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-modules-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-modules-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-devel-matched-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-devel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-debug-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-abi-stablelists-5.14.0-503.11.1.el9_5.noarch.rpmLinux
(RHSA-2024:9315)Moderate: security update kernel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
(RHSA-2024:9315)Moderate: security update bpftool-7.4.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-uek-core update (ELSA-2024-12815) kernel-uek-core-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-core update (ELSA-2024-12815) kernel-uek-core-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-container-debug update (ELSA-2024-12815) kernel-uek-container-debug-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-container-debug update (ELSA-2024-12815) kernel-uek-container-debug-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-container update (ELSA-2024-12815) kernel-uek-container-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-container update (ELSA-2024-12815) kernel-uek-container-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek update (ELSA-2024-12815) kernel-uek-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek update (ELSA-2024-12815) kernel-uek-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Bpftool update (ELSA-2024-12815) bpftool-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2024-12815) kernel-uek-debug-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-debug update (ELSA-2024-12815) kernel-uek-debug-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-debug-modules update (ELSA-2024-12815) kernel-uek-debug-modules-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-doc update (ELSA-2024-12815) kernel-uek-doc-5.15.0-302.167.6.el8uek.noarch.rpmLinux
Kernel-uek-doc update (ELSA-2024-12815) kernel-uek-doc-5.15.0-302.167.6.el9uek.noarch.rpmLinux
Kernel-uek-debug-modules update (ELSA-2024-12815) kernel-uek-debug-modules-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-debug-modules-extra update (ELSA-2024-12815) kernel-uek-debug-modules-extra-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-modules update (ELSA-2024-12815) kernel-uek-modules-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-modules update (ELSA-2024-12815) kernel-uek-modules-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-debug-modules-extra update (ELSA-2024-12815) kernel-uek-debug-modules-extra-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-modules-extra update (ELSA-2024-12815) kernel-uek-modules-extra-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-modules-extra update (ELSA-2024-12815) kernel-uek-modules-extra-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2024-12815) kernel-uek-debug-devel-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2024-12815) kernel-uek-devel-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-debug-core update (ELSA-2024-12815) kernel-uek-debug-core-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-debug-core update (ELSA-2024-12815) kernel-uek-debug-core-5.15.0-302.167.6.el8uek.x86_64.rpmLinux
Kernel-uek-devel update (ELSA-2024-12815) kernel-uek-devel-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Bpftool update (ELSA-2024-12815) bpftool-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Kernel-uek-debug-devel update (ELSA-2024-12815) kernel-uek-debug-devel-5.15.0-302.167.6.el9uek.x86_64.rpmLinux
Rv update (ELSA-2024-9315) rv-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Rtla update (ELSA-2024-9315) rtla-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Python3-perf update (ELSA-2024-9315) python3-perf-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Perf update (ELSA-2024-9315) perf-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-uki-virt-addons update (ELSA-2024-9315) kernel-uki-virt-addons-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-uki-virt update (ELSA-2024-9315) kernel-uki-virt-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-tools-libs update (ELSA-2024-9315) kernel-tools-libs-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-tools update (ELSA-2024-9315) kernel-tools-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-modules-extra update (ELSA-2024-9315) kernel-modules-extra-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-modules-core update (ELSA-2024-9315) kernel-modules-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-modules update (ELSA-2024-9315) kernel-modules-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-headers update (ELSA-2024-9315) kernel-headers-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-doc update (ELSA-2024-9315) kernel-doc-5.14.0-503.11.1.el9_5.noarch.rpmLinux
Kernel-devel-matched update (ELSA-2024-9315) kernel-devel-matched-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-devel update (ELSA-2024-9315) kernel-devel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-uki-virt update (ELSA-2024-9315) kernel-debug-uki-virt-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-modules-extra update (ELSA-2024-9315) kernel-debug-modules-extra-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-modules-core update (ELSA-2024-9315) kernel-debug-modules-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-modules update (ELSA-2024-9315) kernel-debug-modules-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-devel-matched update (ELSA-2024-9315) kernel-debug-devel-matched-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-devel update (ELSA-2024-9315) kernel-debug-devel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug-core update (ELSA-2024-9315) kernel-debug-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-debug update (ELSA-2024-9315) kernel-debug-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-core update (ELSA-2024-9315) kernel-core-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Kernel-abi-stablelists update (ELSA-2024-9315) kernel-abi-stablelists-5.14.0-503.11.1.el9_5.noarch.rpmLinux
Kernel update (ELSA-2024-9315) kernel-5.14.0-503.11.1.el9_5.x86_64.rpmLinux
Bpftool update (ELSA-2024-9315) bpftool-7.4.0-503.11.1.el9_5.x86_64.rpmLinux
kernel Security Update (ALAS2023-2024-695) kernel-livepatch-6.1.90-99.173-1.0-0.amzn2023.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234