{
  "threat_severity" : "Moderate",
  "public_date" : "2024-07-12T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags",
    "id" : "2297480",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2297480"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-820",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nio_uring/io-wq: Use set_bit() and test_bit() at worker->flags\nUtilize set_bit() and test_bit() on worker->flags within io_uring/io-wq\nto address potential data races.\nThe structure io_worker->flags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\nBUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\nwrite to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\nio_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\nio_wq_worker (io_uring/io-wq.c:?)\n<snip>\nread to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\nio_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\nio_wq_enqueue (io_uring/io-wq.c:947)\nio_queue_iowq (io_uring/io_uring.c:524)\nio_req_task_submit (io_uring/io_uring.c:1511)\nio_handle_tw_list (io_uring/io_uring.c:1198)\n<snip>\nLine numbers against commit 18daea77cca6 (\"Merge tag 'for-linus' of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\nAlso, move `create_index` to avoid holes in the structure.", "A vulnerability was found in the Linux kernel's io_uring subsystem within the io_wq handling functions. The issue stems from concurrent access to worker->flags, which can lead to data races when multiple tasks manipulate this structure simultaneously. The data races result in crashes, impacting the reliability of asynchronous I/O operations." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2024-11-12T00:00:00Z",
    "advisory" : "RHSA-2024:9315",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-503.11.1.el9_5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-39508\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-39508\nhttps://lore.kernel.org/linux-cve-announce/2024071206-CVE-2024-39508-20c3@gregkh/T" ],
  "name" : "CVE-2024-39508",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}