CVE-2024-44968

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers hoist the access into the non-preemptible region where the pointer is actually used. But of course it's valid that the compiler keeps it at the place where the code puts it which rightfully triggers: BUG: using smp_processor_id() in preemptible [00000000] code: caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 Move it to the actual usage site which is in a non-preemptible region.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6	Patch
https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed	Patch
https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e	Patch
https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d	Patch
https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9	Patch
https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a	Patch
https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0	Patch
https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.11:rc1::::::

History

No history.

Information

Published : 2024-09-04 19:15

Updated : 2024-10-03 18:04

NVD link : CVE-2024-44968

Mitre link : CVE-2024-44968

CVE.ORG link : CVE-2024-44968

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-44968", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-09-04T19:15:31.173", "references": [{"url": "https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/broadcast: Move per CPU pointer access into the atomic section\n\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\n\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it's valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\n\n BUG: using smp_processor_id() in preemptible [00000000] code:\n caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\n\nMove it to the actual usage site which is in a non-preemptible region."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tick/broadcast: mover el acceso al puntero por CPU a la secci\u00f3n at\u00f3mica La soluci\u00f3n reciente para hacer que la toma de control del temporizador de difusi\u00f3n sea m\u00e1s fiable recupera un puntero por CPU en un contexto preemptible. Esto pas\u00f3 desapercibido ya que los compiladores elevan el acceso a la regi\u00f3n no preemptible donde realmente se usa el puntero. Pero, por supuesto, es v\u00e1lido que el compilador lo mantenga en el lugar donde lo pone el c\u00f3digo, lo que activa correctamente: ERROR: usar smp_processor_id() en c\u00f3digo preemptible [00000000]: el llamador es hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 Mu\u00e9valo al sitio de uso real que est\u00e1 en una regi\u00f3n no preemptible."}], "lastModified": "2024-10-03T18:04:57.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46ED0550-DB43-4D2A-8895-8F048C891A5F", "versionEndExcluding": "6.1.105", "versionStartIncluding": "6.1.103"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83875505-0CFF-44AD-A3E1-BE3F8B866F43", "versionEndExcluding": "6.6.46", "versionStartIncluding": "6.6.44"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECD67C7B-CA88-4F2B-B232-AE23DDFBA7D2", "versionEndExcluding": "6.10.5", "versionStartIncluding": "6.10.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}