| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2024090413-CVE-2024-44958-80e9@gregkh> Date: Wed, 4 Sep 2024 20:36:18 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org> Subject: CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc Description =========== In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace: <TASK> __static_key_slow_dec_cpuslocked+0x16/0x70 sched_cpu_deactivate+0x26e/0x2a0 cpuhp_invoke_callback+0x3ad/0x10d0 cpuhp_thread_fun+0x3f5/0x680 smpboot_thread_fn+0x56d/0x8d0 kthread+0x309/0x400 ret_from_fork+0x41/0x70 ret_from_fork_asm+0x1b/0x30 </TASK> Because when cpuset_cpu_inactive() fails in sched_cpu_deactivate(), the cpu offline failed, but sched_smt_present is decremented before calling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so fix it by incrementing sched_smt_present in the error path. The Linux kernel CVE team has assigned CVE-2024-44958 to this issue. Affected and fixed versions =========================== Issue introduced in 4.20 with commit c5511d03ec09 and fixed in 5.15.165 with commit 2a3548c7ef2e Issue introduced in 4.20 with commit c5511d03ec09 and fixed in 6.1.105 with commit 2cf7665efe45 Issue introduced in 4.20 with commit c5511d03ec09 and fixed in 6.6.46 with commit 65727331b601 Issue introduced in 4.20 with commit c5511d03ec09 and fixed in 6.10.5 with commit d0c87a3c6be1 Issue introduced in 4.20 with commit c5511d03ec09 and fixed in 6.11-rc2 with commit e22f910a26cc Issue introduced in 4.14.86 with commit 01659361c63f Issue introduced in 4.19.7 with commit a2c094816f89 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2024-44958 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: kernel/sched/core.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/2a3548c7ef2e135aee40e7e5e44e7d11b893e7c4 https://git.kernel.org/stable/c/2cf7665efe451e48d27953e6b5bc627d518c902b https://git.kernel.org/stable/c/65727331b60197b742089855ac09464c22b96f66 https://git.kernel.org/stable/c/d0c87a3c6be10a57aa3463c32c3fc6b2a47c3dab https://git.kernel.org/stable/c/e22f910a26cc2a3ac9c66b8e935ef2a7dd881117
Powered by blists - more mailing lists