CVE-2024-50095

CVE Details

Release Date:	2024-11-05
Impact:	Moderate	What is this?

Description

In the Linux kernel, the following vulnerability has been resolved:\nRDMA/mad: Improve handling of timed out WRs of mad agent\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv\nlock for every timed out WRs. This causes heavy locking contention\nwhen higher no. of WRs are to be handled inside timeout handler.\nThis leads to softlockup with below trace in some use cases where\nrdma-cm path is used to establish connection between peer nodes\nTrace:\n-----\nBUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767]\nCPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE\n------- --- 5.14.0-427.13.1.el9_4.x86_64 #1\nHardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019\nWorkqueue: ib_mad1 timeout_sends [ib_core]\nRIP: 0010:__do_softirq+0x78/0x2ac\nRSP: 0018:ffffb253449e4f98 EFLAGS: 00000246\nRAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f\nRDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b\nRBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000\nR10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040\nFS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? __irq_exit_rcu+0xa1/0xc0\n? watchdog_timer_fn+0x1b2/0x210\n? __pfx_watchdog_timer_fn+0x10/0x10\n? __hrtimer_run_queues+0x127/0x2c0\n? hrtimer_interrupt+0xfc/0x210\n? __sysvec_apic_timer_interrupt+0x5c/0x110\n? sysvec_apic_timer_interrupt+0x37/0x90\n? asm_sysvec_apic_timer_interrupt+0x16/0x20\n? __do_softirq+0x78/0x2ac\n? __do_softirq+0x60/0x2ac\n__irq_exit_rcu+0xa1/0xc0\nsysvec_call_function_single+0x72/0x90\n\n\nasm_sysvec_call_function_single+0x16/0x20\nRIP: 0010:_raw_spin_unlock_irq+0x14/0x30\nRSP: 0018:ffffb253604cbd88 EFLAGS: 00000247\nRAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800\nRDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c\nRBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538\nR13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c\ncm_process_send_error+0x122/0x1d0 [ib_cm]\ntimeout_sends+0x1dd/0x270 [ib_core]\nprocess_one_work+0x1e2/0x3b0\n? __pfx_worker_thread+0x10/0x10\nworker_thread+0x50/0x3a0\n? __pfx_worker_thread+0x10/0x10\nkthread+0xdd/0x100\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x29/0x50\n\nSimplified timeout handler by creating local list of timed out WRs\nand invoke send handler post creating the list. The new method acquires/\nreleases lock once to fetch the list and hence helps to reduce locking\ncontetiong when processing higher no. of WRs

See more information about CVE-2024-50095 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	5.5
Vector String:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version:	3.1
Attack Vector:	Local
Attack Complexity:	Low
Privileges Required:	Low
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	None
Integrity Impact:	None
Availability Impact:	High

Errata information

Platform

Errata

Release Date