CVE-2024-40980

CVE Details

Release Date: 2024-07-12

Description


In the Linux kernel, the following vulnerability has been resolved:

drop_monitor: replace spin_lock by raw_spin_lock

trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat:

    BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
    in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47
    preempt_count: 1, expected: 0
    RCU nest depth: 2, expected: 2
    5 locks held by rcuc/47/449:
    #0: ff1100086ec30a60 ((softirq_ctrl.lock)){+.+.}-{2:2}, at: __local_bh_disable_ip+0x105/0x210
    #1: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: rt_spin_lock+0xbf/0x130
    #2: ffffffffb394a280 (rcu_read_lock){....}-{1:2}, at: __local_bh_disable_ip+0x11c/0x210
    #3: ffffffffb394a160 (rcu_callback){....}-{0:0}, at: rcu_do_batch+0x360/0xc70
    #4: ff1100086ee07520 (&data->lock){+.+.}-{2:2}, at: trace_drop_common.constprop.0+0xb5/0x290
    irq event stamp: 139909
    hardirqs last enabled at (139908): [] _raw_spin_unlock_irqrestore+0x63/0x80
    hardirqs last disabled at (139909): [] trace_drop_common.constprop.0+0x26d/0x290
    softirqs last enabled at (139892): [] __local_bh_enable_ip+0x103/0x170
    softirqs last disabled at (139898): [] rcu_cpu_kthread+0x93/0x1f0
    Preemption disabled at:
    [] rt_mutex_slowunlock+0xab/0x2e0
    CPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7
    Hardware name: Dell Inc. PowerEdge R650/0Y2G81, BIOS 1.6.5 04/15/2022
    Call Trace:
    dump_stack_lvl+0x8c/0xd0
    dump_stack+0x14/0x20
    __might_resched+0x21e/0x2f0
    rt_spin_lock+0x5e/0x130
    ? trace_drop_common.constprop.0+0xb5/0x290
    ? skb_queue_purge_reason.part.0+0x1bf/0x230
    trace_drop_common.constprop.0+0xb5/0x290
    ? preempt_count_sub+0x1c/0xd0
    ? _raw_spin_unlock_irqrestore+0x4a/0x80
    ? __pfx_trace_drop_common.constprop.0+0x10/0x10
    ? rt_mutex_slowunlock+0x26a/0x2e0
    ? skb_queue_purge_reason.part.0+0x1bf/0x230
    ? __pfx_rt_mutex_slowunlock+0x10/0x10
    ? skb_queue_purge_reason.part.0+0x1bf/0x230
    trace_kfree_skb_hit+0x15/0x20
    trace_kfree_skb+0xe9/0x150
    kfree_skb_reason+0x7b/0x110
    skb_queue_purge_reason.part.0+0x1bf/0x230
    ? __pfx_skb_queue_purge_reason.part.0+0x10/0x10
    ? mark_lock.part.0+0x8a/0x520
    ...

trace_drop_common() also disables interrupts, but this is a minor issue because we could easily replace it with a local_lock.

Replace the spin_lock with raw_spin_lock to avoid sleeping in atomic context.
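A log-triage sketch for the splat quoted above, added here as an example and not part of the advisory or the kernel patch: it finds "sleeping function called from invalid context" reports in kernel log text and flags those where rt_spin_lock was entered directly from trace_drop_common(). The names find_splats and matches_cve_2024_40980 and the sample log (trimmed from the quoted splat, plus two filler lines) are constructed for illustration.

```python
import re

# Constructed sample: lines trimmed from the splat in the description, plus two filler lines.
SAMPLE_LOG = """\
systemd[1]: Started example.service (constructed filler line)
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47
CPU: 47 PID: 449 Comm: rcuc/47 Not tainted 6.9.0-rc2-rt1+ #7
Call Trace:
dump_stack_lvl+0x8c/0xd0
__might_resched+0x21e/0x2f0
rt_spin_lock+0x5e/0x130
? trace_drop_common.constprop.0+0xb5/0x290
trace_drop_common.constprop.0+0xb5/0x290
? preempt_count_sub+0x1c/0xd0
trace_kfree_skb+0xe9/0x150
kfree_skb_reason+0x7b/0x110
eth0: link up (constructed filler line)
"""

HEADER = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
FRAME = re.compile(r"^(\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")

def find_splats(log_text):
    """Return one dict per 'sleeping function' splat with its reliable call-trace frames."""
    splats, current, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s*", "", raw.strip())  # drop a dmesg timestamp
        header = HEADER.search(line)
        if header:
            current = {"location": header.group(1), "frames": []}
            splats.append(current)
            in_trace = False
        elif current and line == "Call Trace:":
            in_trace = True
        elif current and in_trace:
            frame = FRAME.match(line)
            if frame is None:
                if line in ("", "<TASK>", "</TASK>", "..."):
                    continue
                current, in_trace = None, False  # first non-frame line ends the trace
            elif not frame.group(1):  # "? " marks an unreliable frame; keep reliable ones
                current["frames"].append(frame.group(2).split(".")[0])  # strip .constprop.N
    return splats

def matches_cve_2024_40980(splat):
    """True when rt_spin_lock was called directly from trace_drop_common()."""
    f = splat["frames"]
    return any(a == "rt_spin_lock" and b == "trace_drop_common" for a, b in zip(f, f[1:]))
```

Frames prefixed with "? " are stack-scan guesses rather than confirmed callers, so the match is made on the remaining frames only.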

See more information about CVE-2024-40980 from MITRE CVE dictionary and NIST NVD


CVSS Scoring


NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score: 5.5
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Local network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Errata information


Platform                                        Errata            Release Date
Oracle Linux version 7 (kernel-uek)             ELSA-2024-12610   2024-09-10
Oracle Linux version 7 (kernel-uek-container)   ELSA-2024-12612   2024-09-11
Oracle Linux version 8 (kernel-uek)             ELSA-2024-12610   2024-09-10
Oracle Linux version 8 (kernel-uek)             ELSA-2024-12618   2024-09-12
Oracle Linux version 8 (kernel-uek-container)   ELSA-2024-12612   2024-09-11
Oracle Linux version 9 (kernel-uek)             ELSA-2024-12618   2024-09-12


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
