CVE-2024-40981

ULN >
Oracle Linux CVE repository >
CVE-2024-40981

CVE Details

Release Date:

2024-07-12

Description

In the Linux kernel, the following vulnerability has been resolved:\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n[1]\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\nhardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nhardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\nsoftirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\nsoftirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\nsoftirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\npc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\nlr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n__daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\narch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n__local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nbatadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\nbatadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\nprocess_one_work+0x694/0x1204 kernel/workqueue.c:2633\nprocess_scheduled_works kernel/workqueue.c:2706 [inline]\nworker_thread+0x938/0xef4 kernel/workqueue.c:2787\nkthread+0x288/0x310 kernel/kthread.c:388\nret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\nlr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---

See more information about CVE-2024-40981 from MITRE CVE dictionary and NIST NVD

CVSS Scoring

NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.

Base Score:	4.1	CVSS Vector:	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector:	Local network	Attack Complexity:	High
Privileges Required:	High	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	None
Integrity Impact:	None	Availability Impact:	High

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (kernel-uek)	ELSA-2024-12610	2024-09-10
Oracle Linux version 7 (kernel-uek-container)	ELSA-2024-12612	2024-09-11
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12610	2024-09-10
Oracle Linux version 8 (kernel-uek)	ELSA-2024-12618	2024-09-12
Oracle Linux version 8 (kernel-uek-container)	ELSA-2024-12612	2024-09-11
Oracle Linux version 9 (kernel-uek)	ELSA-2024-12618	2024-09-12

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691