CVE-2024-38613
- ULN >
- Oracle Linux CVE repository >
- CVE-2024-38613
CVE Details
| Release Date: | 2024-06-19 |
Description
In the Linux kernel, the following vulnerability has been resolved:\nm68k: Fix spinlock race in kernel thread creation\nContext switching does take care to retain the correct lock owner across\nthe switch from 'prev' to 'next' tasks. This does rely on interrupts\nremaining disabled for the entire duration of the switch.\nThis condition is guaranteed for normal process creation and context\nswitching between already running processes, because both 'prev' and\n'next' already have interrupts disabled in their saved copies of the\nstatus register.\nThe situation is different for newly created kernel threads. The status\nregister is set to PS_S in copy_thread(), which does leave the IPL at 0.\nUpon restoring the 'next' thread's status register in switch_to() aka\nresume(), interrupts then become enabled prematurely. resume() then\nreturns via ret_from_kernel_thread() and schedule_tail() where run queue\nlock is released (see finish_task_switch() and finish_lock_switch()).\nA timer interrupt calling scheduler_tick() before the lock is released\nin finish_task_switch() will find the lock already taken, with the\ncurrent task as lock owner. This causes a spinlock recursion warning as\nreported by Guenter Roeck.\nAs far as I can ascertain, this race has been opened in commit\n533e6903bea0 ('m68k: split ret_from_fork(), simplify kernel_thread()')\nbut I haven't done a detailed study of kernel history so it may well\npredate that commit.\nInterrupts cannot be disabled in the saved status register copy for\nkernel threads (init will complain about interrupts disabled when\nfinally starting user space). Disable interrupts temporarily when\nswitching the tasks' register sets in resume().\nNote that a simple oriw 0x700,%sr after restoring sr is not enough here\n- this leaves enough of a race for the 'spinlock recursion' warning to\nstill be observed.\nTested on ARAnyM and qemu (Quadra 800 emulation).
See more information about CVE-2024-38613 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
| Base Score: | 4.4 | CVSS Vector: | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector: | Local network | Attack Complexity: | Low |
| Privileges Required: | High | User Interaction: | None |
| Scope: | Unchanged | Confidentiality Impact: | None |
| Integrity Impact: | None | Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 7 (kernel-uek) | ELSA-2024-12611 | 2024-09-11 |
| Oracle Linux version 7 (kernel-uek-container) | ELSA-2024-12585 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek) | ELSA-2024-12581 | 2024-08-12 |
| Oracle Linux version 8 (kernel-uek-container) | ELSA-2024-12584 | 2024-08-12 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
