{
"threat_severity" : "Low",
"public_date" : "2024-05-30T00:00:00Z",
"bugzilla" : {
"description" : "kernel: mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()",
"id" : "2284413",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2284413"
},
"cvss3" : {
"cvss3_base_score" : "4.7",
"cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"status" : "verified"
},
"cwe" : "CWE-362",
"details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\nWhen I did memory failure tests recently, below warning occurs:\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n\nlock_acquire+0xbe/0x2d0\n_raw_spin_lock_irqsave+0x3a/0x60\nhugepage_subpool_put_pages.part.0+0xe/0xc0\nfree_huge_folio+0x253/0x3f0\ndissolve_free_huge_page+0x147/0x210\n__page_handle_poison+0x9/0x70\nmemory_failure+0x4e6/0x8c0\nhard_offline_page_store+0x55/0xa0\nkernfs_fop_write_iter+0x12c/0x1d0\nvfs_write+0x380/0x540\nksys_write+0x64/0xe0\ndo_syscall_64+0xbc/0x1d0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n\npanic+0x326/0x350\ncheck_panic_on_warn+0x4f/0x50\n__warn+0x98/0x190\nreport_bug+0x18e/0x1a0\nhandle_bug+0x3d/0x70\nexc_invalid_op+0x18/0x70\nasm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nlock_acquire+0xbe/0x2d0\n_raw_spin_lock_irqsave+0x3a/0x60\nhugepage_subpool_put_pages.part.0+0xe/0xc0\nfree_huge_folio+0x253/0x3f0\ndissolve_free_huge_page+0x147/0x210\n__page_handle_poison+0x9/0x70\nmemory_failure+0x4e6/0x8c0\nhard_offline_page_store+0x55/0xa0\nkernfs_fop_write_iter+0x12c/0x1d0\nvfs_write+0x380/0x540\nksys_write+0x64/0xe0\ndo_syscall_64+0xbc/0x1d0\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio->_deferred_\n---truncated---" ],
"affected_release" : [ {
"product_name" : "Red Hat Enterprise Linux 9",
"release_date" : "2024-11-12T00:00:00Z",
"advisory" : "RHSA-2024:9315",
"cpe" : "cpe:/a:redhat:enterprise_linux:9",
"package" : "kernel-0:5.14.0-503.11.1.el9_5"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"release_date" : "2024-11-12T00:00:00Z",
"advisory" : "RHSA-2024:9315",
"cpe" : "cpe:/o:redhat:enterprise_linux:9",
"package" : "kernel-0:5.14.0-503.11.1.el9_5"
} ],
"package_state" : [ {
"product_name" : "Red Hat Enterprise Linux 6",
"fix_state" : "Out of support scope",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:6"
}, {
"product_name" : "Red Hat Enterprise Linux 7",
"fix_state" : "Out of support scope",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:7"
}, {
"product_name" : "Red Hat Enterprise Linux 7",
"fix_state" : "Out of support scope",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:7"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Not affected",
"package_name" : "kernel",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Not affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"fix_state" : "Affected",
"package_name" : "kernel-rt",
"cpe" : "cpe:/o:redhat:enterprise_linux:9"
} ],
"references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-36028\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-36028\nhttps://lore.kernel.org/linux-cve-announce/2024053057-CVE-2024-36028-e4a3@gregkh/T" ],
"name" : "CVE-2024-36028",
"csaw" : false
}