CVE-2024-50079
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 29/10/2024
Last modified: 01/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work

When the sqpoll is exiting and cancels pending work items, it may need
to run task_work. If this happens from within io_uring_cancel_generic(),
then it may be under waiting for the io_uring_task waitqueue. This
results in the below splat from the scheduler, as the ring mutex may be
attempted grabbed while in a TASK_INTERRUPTIBLE state.

Ensure that the task state is set appropriately for that, just like what
is done for the other cases in io_run_task_work().

do not call blocking ops when !TASK_RUNNING; state=1 set at [] prepare_to_wait+0x88/0x2fc
WARNING: CPU: 6 PID: 59939 at kernel/sched/core.c:8561 __might_sleep+0xf4/0x140
Modules linked in:
CPU: 6 UID: 0 PID: 59939 Comm: iou-sqp-59938 Not tainted 6.12.0-rc3-00113-g8d020023b155 #7456
Hardware name: linux,dummy-virt (DT)
pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : __might_sleep+0xf4/0x140
lr : __might_sleep+0xf4/0x140
sp : ffff80008c5e7830
Call trace:
__might_sleep+0xf4/0x140
mutex_lock+0x84/0x124
io_handle_tw_list+0xf4/0x260
tctx_task_work_run+0x94/0x340
io_run_task_work+0x1ec/0x3c0
io_uring_cancel_generic+0x364/0x524
io_sq_thread+0x820/0x124c
ret_from_fork+0x10/0x20
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.9 (including) | 6.11.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | | |