CVE Details
Description
In the Linux kernel, the following vulnerability has been resolved:\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n[1]\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\nhardirqs last enabled at (6182793): [] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nhardirqs last disabled at (6182794): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (6182794): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last enabled at (6182792): [] spin_unlock_bh include/linux/spinlock.h:396 [inline]\nsoftirqs last enabled at (6182792): [] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\nsoftirqs last disabled at (6182790): [] spin_lock_bh include/linux/spinlock.h:356 [inline]\nsoftirqs last disabled at (6182790): [] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\npc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\nlr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n__daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\narch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n__local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nbatadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\nbatadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\nprocess_one_work+0x694/0x1204 kernel/workqueue.c:2633\nprocess_scheduled_works kernel/workqueue.c:2706 [inline]\nworker_thread+0x938/0xef4 kernel/workqueue.c:2787\nkthread+0x288/0x310 kernel/kthread.c:388\nret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\nlr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---
See more information about CVE-2024-40981 from MITRE CVE dictionary and NIST NVD
CVSS Scoring
NOTE: The following CVSS v3.1 metrics and score provided are preliminary and subject to review.
Base Score: |
5.5 |
CVSS Vector: |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Attack Vector: |
Local network |
Attack Complexity: |
Low |
Privileges Required: |
Low |
User Interaction: |
None |
Scope: |
Unchanged |
Confidentiality Impact: |
None |
Integrity Impact: |
None |
Availability Impact: |
High |
Errata information