{ "threat_severity" : "Moderate", "public_date" : "2024-05-22T00:00:00Z", "bugzilla" : { "description" : "kernel: powerpc/smp: do not decrement idle task preempt count in CPU offline", "id" : "2282904", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2282904" }, "cvss3" : { "cvss3_base_score" : "4.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-362", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\npowerpc/smp: do not decrement idle task preempt count in CPU offline\nWith PREEMPT_COUNT=y, when a CPU is offlined and then onlined again, we\nget:\nBUG: scheduling while atomic: swapper/1/0/0x00000000\nno locks held by swapper/1/0.\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.0-rc2+ #100\nCall Trace:\ndump_stack_lvl+0xac/0x108\n__schedule_bug+0xac/0xe0\n__schedule+0xcf8/0x10d0\nschedule_idle+0x3c/0x70\ndo_idle+0x2d8/0x4a0\ncpu_startup_entry+0x38/0x40\nstart_secondary+0x2ec/0x3a0\nstart_secondary_prolog+0x10/0x14\nThis is because powerpc's arch_cpu_idle_dead() decrements the idle task's\npreempt count, for reasons explained in commit a7c2bb8279d2 (\"powerpc:\nRe-enable preemption before cpu_die()\"), specifically \"start_secondary()\nexpects a preempt_count() of 0.\"\nHowever, since commit 2c669ef6979c (\"powerpc/preempt: Don't touch the idle\ntask's preempt_count during hotplug\") and commit f1a0a376ca0c (\"sched/core:\nInitialize the idle task with preemption disabled\"), that justification no\nlonger holds.\nThe idle task isn't supposed to re-enable preemption, so remove the\nvestigial preempt_enable() from the CPU offline path.\nTested with pseries and powernv in qemu, and pseries on PowerVM.", "A vulnerability was found in the Linux kernel's powerpc/smp architecture, where the idle task's preemption count was incorrectly decremented during the CPU offline process. This issue caused a \"scheduling while atomic\" error when a CPU was offlined and then onlined again, leading to potential system instability." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-47454\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-47454\nhttps://lore.kernel.org/linux-cve-announce/2024052243-CVE-2021-47454-e852@gregkh/T" ], "name" : "CVE-2021-47454", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }