{ "threat_severity" : "Low", "public_date" : "2024-05-20T00:00:00Z", "bugzilla" : { "description" : "kernel: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue", "id" : "2281843", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2281843" }, "cvss3" : { "cvss3_base_score" : "5.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: idxd: Convert spinlock to mutex to lock evl workqueue\ndrain_workqueue() cannot be called safely in a spinlocked context due to\npossible task rescheduling. In the multi-task scenario, calling\nqueue_work() while drain_workqueue() will lead to a Call Trace as\npushing a work on a draining workqueue is not permitted in spinlocked\ncontext.\nCall Trace:\n\n? __warn+0x7d/0x140\n? __queue_work+0x2b2/0x440\n? report_bug+0x1f8/0x200\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x18/0x70\n? asm_exc_invalid_op+0x1a/0x20\n? __queue_work+0x2b2/0x440\nqueue_work_on+0x28/0x30\nidxd_misc_thread+0x303/0x5a0 [idxd]\n? __schedule+0x369/0xb40\n? __pfx_irq_thread_fn+0x10/0x10\n? irq_thread+0xbc/0x1b0\nirq_thread_fn+0x21/0x70\nirq_thread+0x102/0x1b0\n? preempt_count_add+0x74/0xa0\n? __pfx_irq_thread_dtor+0x10/0x10\n? __pfx_irq_thread+0x10/0x10\nkthread+0x103/0x140\n? __pfx_kthread+0x10/0x10\nret_from_fork+0x31/0x50\n? __pfx_kthread+0x10/0x10\nret_from_fork_asm+0x1b/0x30\n\nThe current implementation uses a spinlock to protect event log workqueue\nand will lead to the Call Trace due to potential task rescheduling.\nTo address the locking issue, convert the spinlock to mutex, allowing\nthe drain_workqueue() to be called in a safe mutex-locked context.\nThis change ensures proper synchronization when accessing the event log\nworkqueue, preventing potential Call Trace and improving the overall\nrobustness of the code.", "In the Linux kernel, the following vulnerability has been resolved:\ndmaengine: idxd: Convert spinlock to mutex to lock evl workqueue\nThe Linux kernel CVE team has assigned CVE-2024-35991 to this issue.\nUpstream advisory:\nhttps://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35991-5f06@gregkh/T" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-35991\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35991\nhttps://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35991-5f06@gregkh/T" ], "name" : "CVE-2024-35991", "csaw" : false }