CVE-2024-50249
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/11/2024
Last modified:
03/11/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
ACPI: CPPC: Make rmw_lock a raw_spin_lock<br />
<br />
The following BUG was triggered:<br />
<br />
=============================<br />
[ BUG: Invalid wait context ]<br />
6.12.0-rc2-XXX #406 Not tainted<br />
-----------------------------<br />
kworker/1:1/62 is trying to lock:<br />
ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370<br />
other info that might help us debug this:<br />
context-{5:5}<br />
2 locks held by kworker/1:1/62:<br />
#0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50<br />
#1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280<br />
stack backtrace:<br />
CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406<br />
Workqueue: 0x0 (events)<br />
Call trace:<br />
dump_backtrace+0xa4/0x130<br />
show_stack+0x20/0x38<br />
dump_stack_lvl+0x90/0xd0<br />
dump_stack+0x18/0x28<br />
__lock_acquire+0x480/0x1ad8<br />
lock_acquire+0x114/0x310<br />
_raw_spin_lock+0x50/0x70<br />
cpc_write+0xcc/0x370<br />
cppc_set_perf+0xa0/0x3a8<br />
cppc_cpufreq_fast_switch+0x40/0xc0<br />
cpufreq_driver_fast_switch+0x4c/0x218<br />
sugov_update_shared+0x234/0x280<br />
update_load_avg+0x6ec/0x7b8<br />
dequeue_entities+0x108/0x830<br />
dequeue_task_fair+0x58/0x408<br />
__schedule+0x4f0/0x1070<br />
schedule+0x54/0x130<br />
worker_thread+0xc0/0x2e8<br />
kthread+0x130/0x148<br />
ret_from_fork+0x10/0x20<br />
<br />
sugov_update_shared() locks a raw_spinlock while cpc_write() locks a<br />
spinlock.<br />
<br />
To have a correct wait-type order, update rmw_lock to a raw spinlock and<br />
ensure that interrupts will be disabled on the CPU holding it.<br />
<br />
[ rjw: Changelog edits ]
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.15.168 (including) | 5.15.171 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.1.113 (including) | 6.1.116 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.6.54 (including) | 6.6.60 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.10.13 (including) | 6.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.11.2 (including) | 6.11.7 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.12:rc5:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0eb2b767c42fac61ab23c4063eb456baa4c2c262
- https://git.kernel.org/stable/c/1c10941e34c5fdc0357e46a25bd130d9cf40b925
- https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34262e453
- https://git.kernel.org/stable/c/43b1df48d1e7000a214acd1a81b8012ca8a929c8
- https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html