Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2024-36028

Severity CVSS v4.0:
Pending analysis
Type:
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date:
30/05/2024
Last modified:
18/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()<br /> <br /> When I did memory failure tests recently, below warning occurs:<br /> <br /> DEBUG_LOCKS_WARN_ON(1)<br /> WARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0<br /> Modules linked in: mce_inject hwpoison_inject<br /> CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014<br /> RIP: 0010:__lock_acquire+0xccb/0x1ca0<br /> RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082<br /> RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8<br /> RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0<br /> RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb<br /> R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10<br /> R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004<br /> FS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000<br /> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br /> CR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0<br /> Call Trace:<br /> <br /> lock_acquire+0xbe/0x2d0<br /> _raw_spin_lock_irqsave+0x3a/0x60<br /> hugepage_subpool_put_pages.part.0+0xe/0xc0<br /> free_huge_folio+0x253/0x3f0<br /> dissolve_free_huge_page+0x147/0x210<br /> __page_handle_poison+0x9/0x70<br /> memory_failure+0x4e6/0x8c0<br /> hard_offline_page_store+0x55/0xa0<br /> kernfs_fop_write_iter+0x12c/0x1d0<br /> vfs_write+0x380/0x540<br /> ksys_write+0x64/0xe0<br /> do_syscall_64+0xbc/0x1d0<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> RIP: 0033:0x7ff9f3114887<br /> RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001<br /> RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887<br /> RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001<br /> RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c<br /> R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00<br /> <br /> Kernel panic - not syncing: kernel: panic_on_warn set ...<br /> CPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014<br /> Call Trace:<br /> <br /> panic+0x326/0x350<br /> check_panic_on_warn+0x4f/0x50<br /> __warn+0x98/0x190<br /> report_bug+0x18e/0x1a0<br /> handle_bug+0x3d/0x70<br /> exc_invalid_op+0x18/0x70<br /> asm_exc_invalid_op+0x1a/0x20<br /> RIP: 0010:__lock_acquire+0xccb/0x1ca0<br /> RSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082<br /> RAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8<br /> RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0<br /> RBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb<br /> R10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10<br /> R13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004<br /> lock_acquire+0xbe/0x2d0<br /> _raw_spin_lock_irqsave+0x3a/0x60<br /> hugepage_subpool_put_pages.part.0+0xe/0xc0<br /> free_huge_folio+0x253/0x3f0<br /> dissolve_free_huge_page+0x147/0x210<br /> __page_handle_poison+0x9/0x70<br /> memory_failure+0x4e6/0x8c0<br /> hard_offline_page_store+0x55/0xa0<br /> kernfs_fop_write_iter+0x12c/0x1d0<br /> vfs_write+0x380/0x540<br /> ksys_write+0x64/0xe0<br /> do_syscall_64+0xbc/0x1d0<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> RIP: 0033:0x7ff9f3114887<br /> RSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001<br /> RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887<br /> RDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001<br /> RBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff<br /> R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c<br /> R13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00<br /> <br /> <br /> After git bisecting and digging into the code, I believe the root cause is<br /> that _deferred_list field of folio is unioned with _hugetlb_subpool field.<br /> In __update_and_free_hugetlb_folio(), folio-&gt;_deferred_<br /> ---truncated---

Impact

Vector 3.x
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 4.70 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x
4.70
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.1.47 (including) 6.1.91 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.4.11 (including) 6.5 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.5.1 (including) 6.6.31 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* 6.7 (including) 6.8.9 (excluding)
cpe:2.3:o:linux:linux_kernel:6.5:-:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.5:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:6.9:rc5:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools