{
  "threat_severity" : "Moderate",
  "public_date" : "2024-09-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: cgroup/cpuset: fix panic caused by partcmd_update",
    "id" : "2309838",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2309838"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-664",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ncgroup/cpuset: fix panic caused by partcmd_update\nWe find a bug as below:\nBUG: unable to handle page fault for address: 00000003\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 3 PID: 358 Comm: bash Tainted: G        W I        6.6.0-10893-g60d6\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4\nRIP: 0010:partition_sched_domains_locked+0x483/0x600\nCode: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9\nRSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202\nRAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80\nRBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000\nR10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002\nR13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000\nFS:  00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0\nCall Trace:\n<TASK>\n? show_regs+0x8c/0xa0\n? __die_body+0x23/0xa0\n? __die+0x3a/0x50\n? page_fault_oops+0x1d2/0x5c0\n? partition_sched_domains_locked+0x483/0x600\n? search_module_extables+0x2a/0xb0\n? search_exception_tables+0x67/0x90\n? kernelmode_fixup_or_oops+0x144/0x1b0\n? __bad_area_nosemaphore+0x211/0x360\n? up_read+0x3b/0x50\n? bad_area_nosemaphore+0x1a/0x30\n? exc_page_fault+0x890/0xd90\n? __lock_acquire.constprop.0+0x24f/0x8d0\n? __lock_acquire.constprop.0+0x24f/0x8d0\n? asm_exc_page_fault+0x26/0x30\n? partition_sched_domains_locked+0x483/0x600\n? partition_sched_domains_locked+0xf0/0x600\nrebuild_sched_domains_locked+0x806/0xdc0\nupdate_partition_sd_lb+0x118/0x130\ncpuset_write_resmask+0xffc/0x1420\ncgroup_file_write+0xb2/0x290\nkernfs_fop_write_iter+0x194/0x290\nnew_sync_write+0xeb/0x160\nvfs_write+0x16f/0x1d0\nksys_write+0x81/0x180\n__x64_sys_write+0x21/0x30\nx64_sys_call+0x2f25/0x4630\ndo_syscall_64+0x44/0xb0\nentry_SYSCALL_64_after_hwframe+0x78/0xe2\nRIP: 0033:0x7f44a553c887\nIt can be reproduced with commands:\ncd /sys/fs/cgroup/\nmkdir test\ncd test/\necho +cpuset > ../cgroup.subtree_control\necho root > cpuset.cpus.partition\ncat /sys/fs/cgroup/cpuset.cpus.effective\n0-3\necho 0-3 > cpuset.cpus // taking away all cpus from root\nThis issue is caused by the incorrect rebuilding of scheduling domains.\nIn this scenario, test/cpuset.cpus.partition should be an invalid root\nand should not trigger the rebuilding of scheduling domains. When calling\nupdate_parent_effective_cpumask with partcmd_update, if newmask is not\nnull, it should recheck newmask whether there are cpus available\nfor parent/cs that has tasks." ],
  "statement" : "Red Hat believes this vulnerability to be of moderate severity because of the elevated privileges required to trigger the necessary conditions. Modifying cpuset settings typically requires root or admin access or a process must have CAP_SYS_ADMIN permissions to configure cgroups.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-44975\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44975\nhttps://lore.kernel.org/linux-cve-announce/2024090442-CVE-2024-44975-7c21@gregkh/T" ],
  "name" : "CVE-2024-44975",
  "csaw" : false
}