Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-26841

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/04/2024
Last modified:
02/04/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> LoongArch: Update cpu_sibling_map when disabling nonboot CPUs<br /> <br /> Update cpu_sibling_map when disabling nonboot CPUs by defining &amp; calling<br /> clear_cpu_sibling_map(), otherwise we get such errors on SMT systems:<br /> <br /> jump label: negative count!<br /> WARNING: CPU: 6 PID: 45 at kernel/jump_label.c:263 __static_key_slow_dec_cpuslocked+0xec/0x100<br /> CPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340<br /> pc 90000000004c302c ra 90000000004c302c tp 90000001005bc000 sp 90000001005bfd20<br /> a0 000000000000001b a1 900000000224c278 a2 90000001005bfb58 a3 900000000224c280<br /> a4 900000000224c278 a5 90000001005bfb50 a6 0000000000000001 a7 0000000000000001<br /> t0 ce87a4763eb5234a t1 ce87a4763eb5234a t2 0000000000000000 t3 0000000000000000<br /> t4 0000000000000006 t5 0000000000000000 t6 0000000000000064 t7 0000000000001964<br /> t8 000000000009ebf6 u0 9000000001f2a068 s9 0000000000000000 s0 900000000246a2d8<br /> s1 ffffffffffffffff s2 ffffffffffffffff s3 90000000021518c0 s4 0000000000000040<br /> s5 9000000002151058 s6 9000000009828e40 s7 00000000000000b4 s8 0000000000000006<br /> ra: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100<br /> ERA: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100<br /> CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)<br /> PRMD: 00000004 (PPLV0 +PIE -PWE)<br /> EUEN: 00000000 (-FPE -SXE -ASXE -BTE)<br /> ECFG: 00071c1c (LIE=2-4,10-12 VS=7)<br /> ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)<br /> PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV)<br /> CPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340<br /> Stack : 0000000000000000 900000000203f258 900000000179afc8 90000001005bc000<br /> 90000001005bf980 0000000000000000 90000001005bf988 9000000001fe0be0<br /> 900000000224c280 900000000224c278 90000001005bf8c0 0000000000000001<br /> 0000000000000001 ce87a4763eb5234a 0000000007f38000 90000001003f8cc0<br /> 0000000000000000 0000000000000006 0000000000000000 4c206e6f73676e6f<br /> 6f4c203a656d616e 000000000009ec99 0000000007f38000 0000000000000000<br /> 900000000214b000 9000000001fe0be0 0000000000000004 0000000000000000<br /> 0000000000000107 0000000000000009 ffffffffffafdabe 00000000000000b4<br /> 0000000000000006 90000000004c302c 9000000000224528 00005555939a0c7c<br /> 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c<br /> ...<br /> Call Trace:<br /> [] show_stack+0x48/0x1a0<br /> [] dump_stack_lvl+0x78/0xa0<br /> [] __warn+0x90/0x1a0<br /> [] report_bug+0x1b8/0x280<br /> [] do_bp+0x264/0x420<br /> [] __static_key_slow_dec_cpuslocked+0xec/0x100<br /> [] sched_cpu_deactivate+0x2fc/0x300<br /> [] cpuhp_invoke_callback+0x178/0x8a0<br /> [] cpuhp_thread_fun+0xf0/0x240<br /> [] smpboot_thread_fn+0x1dc/0x2e0<br /> [] kthread+0x140/0x160<br /> [] ret_from_kernel_thread+0xc/0xa4

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 5.50 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
5.50
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.6.19 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.7.7 (excluding)
cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools