{ "threat_severity" : "Moderate", "public_date" : "2024-05-20T00:00:00Z", "bugzilla" : { "description" : "kernel: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms", "id" : "2281847", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2281847" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: idxd: Fix oops during rmmod on single-CPU platforms\nDuring the removal of the idxd driver, registered offline callback is\ninvoked as part of the clean up process. However, on systems with only\none CPU online, no valid target is available to migrate the\nperf context, resulting in a kernel oops:\nBUG: unable to handle page fault for address: 000000000002a2b8\n#PF: supervisor write access in kernel mode\n#PF: error_code(0x0002) - not-present page\nPGD 1470e1067 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57\nHardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023\nRIP: 0010:mutex_lock+0x2e/0x50\n...\nCall Trace:\n\n__die+0x24/0x70\npage_fault_oops+0x82/0x160\ndo_user_addr_fault+0x65/0x6b0\n__pfx___rdmsr_safe_on_cpu+0x10/0x10\nexc_page_fault+0x7d/0x170\nasm_exc_page_fault+0x26/0x30\nmutex_lock+0x2e/0x50\nmutex_lock+0x1e/0x50\nperf_pmu_migrate_context+0x87/0x1f0\nperf_event_cpu_offline+0x76/0x90 [idxd]\ncpuhp_invoke_callback+0xa2/0x4f0\n__pfx_perf_event_cpu_offline+0x10/0x10 [idxd]\ncpuhp_thread_fun+0x98/0x150\nsmpboot_thread_fn+0x27/0x260\nsmpboot_thread_fn+0x1af/0x260\n__pfx_smpboot_thread_fn+0x10/0x10\nkthread+0x103/0x140\n__pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x50\n__pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n\nFix the issue by preventing the migration of the perf context to an\ninvalid target.", "This is a vulnerability in the Linux kernel's Data Movement Accelerator (DMA) engine, specifically affecting the Intel Data Streaming Accelerator (IDXD) driver. The issue arises during the removal (rmmod) of the idxd driver on systems with only one active CPU. In such scenarios, the driver's cleanup process attempts to migrate performance monitoring unit (PMU) contexts to another CPU. However, with no other CPUs available, this leads to a kernel oops—a serious error causing the system to crash." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:7001", "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv", "package" : "kernel-rt-0:4.18.0-553.22.1.rt7.363.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-09-24T00:00:00Z", "advisory" : "RHSA-2024:7000", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-553.22.1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-10-16T00:00:00Z", "advisory" : "RHSA-2024:8162", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.40.1.el9_4" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-10-16T00:00:00Z", "advisory" : "RHSA-2024:8162", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-427.40.1.el9_4" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35989\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35989\nhttps://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35989-c5da@gregkh/T" ], "name" : "CVE-2024-35989", "csaw" : false }