CVE-2024-56583
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/12/2024
Last modified:
07/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

sched/deadline: Fix warning in migrate_enable for boosted tasks

When running the following command:

    while true; do
        stress-ng --cyclic 30 --timeout 30s --minimize --quiet
    done

a warning is eventually triggered:

    WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794
    setup_new_dl_entity+0x13e/0x180
    ...
    Call Trace:
    ? show_trace_log_lvl+0x1c4/0x2df
    ? enqueue_dl_entity+0x631/0x6e0
    ? setup_new_dl_entity+0x13e/0x180
    ? __warn+0x7e/0xd0
    ? report_bug+0x11a/0x1a0
    ? handle_bug+0x3c/0x70
    ? exc_invalid_op+0x14/0x70
    ? asm_exc_invalid_op+0x16/0x20
    enqueue_dl_entity+0x631/0x6e0
    enqueue_task_dl+0x7d/0x120
    __do_set_cpus_allowed+0xe3/0x280
    __set_cpus_allowed_ptr_locked+0x140/0x1d0
    __set_cpus_allowed_ptr+0x54/0xa0
    migrate_enable+0x7e/0x150
    rt_spin_unlock+0x1c/0x90
    group_send_sig_info+0xf7/0x1a0
    ? kill_pid_info+0x1f/0x1d0
    kill_pid_info+0x78/0x1d0
    kill_proc_info+0x5b/0x110
    __x64_sys_kill+0x93/0xc0
    do_syscall_64+0x5c/0xf0
    entry_SYSCALL_64_after_hwframe+0x6e/0x76
    RIP: 0033:0x7f0dab31f92b

This warning occurs because set_cpus_allowed dequeues and enqueues tasks
with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning
is triggered. A boosted task already had its parameters set by
rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,
hence the WARN_ON call.

Check if we are requeueing a boosted task and avoid calling
setup_new_dl_entity if that's the case.
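
For triage, the warning quoted above can be recognised in collected kernel logs by its call path. The following Python code is an added example, not part of the advisory or of the kernel patch; the function name `find_dl_requeue_warnings`, the choice of marker frames, and the sample log (its timestamps and the `demo_probe` warning) are constructed for illustration.

```python
import re

# Reliable frames, innermost first, that mark the path in the advisory's trace:
# an affinity change from migrate_enable() re-enqueueing a deadline entity.
REQUEUE_PATH = ("enqueue_dl_entity", "__do_set_cpus_allowed", "migrate_enable")

WARN_RE = re.compile(r"WARNING: CPU: (?P<cpu>\d+) PID: (?P<pid>\d+) at "
                     r"(?P<src>\S+):(?P<line>\d+)\s+(?P<func>[\w.]+)\+0x")
# Optional dmesg timestamp, optional "?" (unreliable frame), then symbol+off/size.
FRAME_RE = re.compile(r"^(?:\[[^\]]*\])?\s*(?P<guess>\?\s+)?"
                      r"(?P<func>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+", re.M)

def find_dl_requeue_warnings(log_text):
    """Return one dict per WARNING in setup_new_dl_entity reached via REQUEUE_PATH."""
    hits = []
    # One chunk per WARNING header; element 0 is whatever preceded the first one.
    for chunk in re.split(r"(?=WARNING: CPU:)", log_text)[1:]:
        head = WARN_RE.search(chunk)
        if not head or head["func"] != "setup_new_dl_entity":
            continue
        trace = chunk.partition("Call Trace:")[2]
        frames = [m["func"] for m in FRAME_RE.finditer(trace) if not m["guess"]]
        remaining = iter(frames)
        if all(step in remaining for step in REQUEUE_PATH):  # ordered subsequence
            hits.append({"cpu": int(head["cpu"]), "pid": int(head["pid"]),
                         "where": f'{head["src"]}:{head["line"]}'})
    return hits

# Constructed sample: an unrelated, made-up warning followed by an abridged copy
# of the trace quoted in the advisory (dmesg-style timestamps added).
SAMPLE_LOG = """\
[  10.000001] WARNING: CPU: 1 PID: 100 at drivers/example/demo.c:10 demo_probe+0x10/0x40
[  10.000002] Call Trace:
[  10.000003]  demo_init+0x20/0x80
[ 512.100001] WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180
[ 512.100002] Call Trace:
[ 512.100003]  ? enqueue_dl_entity+0x631/0x6e0
[ 512.100004]  ? setup_new_dl_entity+0x13e/0x180
[ 512.100005]  enqueue_dl_entity+0x631/0x6e0
[ 512.100006]  enqueue_task_dl+0x7d/0x120
[ 512.100007]  __do_set_cpus_allowed+0xe3/0x280
[ 512.100008]  migrate_enable+0x7e/0x150
[ 512.100009]  rt_spin_unlock+0x1c/0x90
"""

if __name__ == "__main__":
    for hit in find_dl_requeue_warnings(SAMPLE_LOG):
        print("deadline requeue warning:", hit)
```

The match keys on function names rather than on the `deadline.c:794` line number, which depends on the kernel build, and it skips frames marked `?` because the unwinder reports those as unreliable.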
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.14.70 (including) | 6.6.66 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:* | | |
| cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:* | | |



