CVE-2024-57977
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 27/02/2025
Last modified: 13/03/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

memcg: fix soft lockup in the OOM process

A soft lockup issue was found in the product with about 56,000 tasks in the OOM cgroup; it was traversing them when the soft lockup was triggered.

```
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G
Hardware name: Huawei Cloud OpenStack Nova, BIOS
RIP: 0010:console_unlock+0x343/0x540
RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff
RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247
RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040
R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0
R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vprintk_emit+0x193/0x280
printk+0x52/0x6e
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
out_of_memory+0x125/0x570
mem_cgroup_out_of_memory+0xb5/0xd0
try_charge+0x720/0x770
mem_cgroup_try_charge+0x86/0x180
mem_cgroup_try_charge_delay+0x1c/0x40
do_anonymous_page+0xb5/0x390
handle_mm_fault+0xc4/0x1f0
```

This is because thousands of processes are in the OOM cgroup, and it takes a long time to traverse all of them. As a result, this leads to a soft lockup in the OOM process.

To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks' function per 1000 iterations. For global OOM, call 'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
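
A triage aid for the failure described above, added here as an example and not part of the advisory or the kernel patch: it scans kernel log text for soft lockup reports and flags those whose call trace passes through `dump_task`, `mem_cgroup_scan_tasks` and `oom_kill_process`, the path shown in the advisory's trace. The function name, the sample log and the `example_driver_poll` frame are constructed for illustration.

```python
import re

# Watchdog header line, in the format shown in the advisory's log.
LOCKUP_RE = re.compile(
    r"watchdog: BUG: soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+):(\d+)\]")
# One call-trace frame: symbol+0xoffset/0xsize, optionally marked "? ".
FRAME_RE = re.compile(r"^(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+$")
# Optional dmesg timestamp prefix such as "[  812.100000] ".
PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
# Frames (innermost first) that mark the memcg OOM task dump in the advisory.
SIGNATURE = ("dump_task", "mem_cgroup_scan_tasks", "oom_kill_process")

def find_soft_lockups(log_text):
    """Parse soft lockup reports and flag those on the memcg OOM dump path."""
    reports, current, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = PREFIX_RE.sub("", raw.strip())
        hit = LOCKUP_RE.search(line)
        if hit:
            current = {"cpu": int(hit[1]), "stuck_s": int(hit[2]),
                       "comm": hit[3], "pid": int(hit[4]), "frames": []}
            reports.append(current)
            in_trace = False
        elif current is not None and line == "Call Trace:":
            in_trace = True
        elif in_trace:
            frame = FRAME_RE.match(line)
            if frame:
                current["frames"].append(frame[1])
            elif not line.startswith("<"):  # keep going past <TASK>/<IRQ>
                in_trace = False
    for rep in reports:
        frames = iter(rep["frames"])  # consumed in order: subsequence match
        rep["memcg_oom_dump"] = all(sym in frames for sym in SIGNATURE)
    return reports

# Constructed sample: abridged advisory trace, then an unrelated lockup.
SAMPLE_LOG = """\
watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066]
Call Trace:
vprintk_emit+0x193/0x280
dump_task+0x114/0x130
mem_cgroup_scan_tasks+0x76/0x100
dump_header+0x1fe/0x210
oom_kill_process+0xd1/0x100
[  812.100000] watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [kworker/0:1:77]
[  812.100001] Call Trace:
[  812.100002]  <TASK>
[  812.100003]  example_driver_poll+0x10/0x40
"""
```

A flagged report on a kernel inside the affected version ranges listed in the table below is a candidate for this issue; the match identifies the symptom in the log, not the patch level of the kernel.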
Impact
Base Score 3.x: 5.50
Severity 3.x: MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.6 (including) | 6.12.13 (excluding) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.13.2 (excluding) |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0a09d56e1682c951046bf15542b3e9553046c9f6
- https://git.kernel.org/stable/c/110399858194c71f11afefad6e7be9e3876b284f
- https://git.kernel.org/stable/c/46576834291869457d4772bb7df72d7c2bb3d57f
- https://git.kernel.org/stable/c/72f2c0b7c152c2983ed51d48c3272cab4f34d965
- https://git.kernel.org/stable/c/972486d37169fe85035e81b8c5dff21f70df1173
- https://git.kernel.org/stable/c/a9042dbc1ed4bf25a5f5c699d10c3d676abf8ca2
- https://git.kernel.org/stable/c/ade81479c7dda1ce3eedb215c78bc615bbd04f06
- https://git.kernel.org/stable/c/c3a3741db8c1202aa959c77df3a4c361612d1eb1