{ "threat_severity" : "Moderate", "public_date" : "2024-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu", "id" : "2333982", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2333982" }, "cvss3" : { "cvss3_base_score" : "6.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-362", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nrcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu\nKCSAN reports a data race when access the krcp->monitor_work.timer.expires\nvariable in the schedule_delayed_monitor_work() function:\n\nBUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu\nread to 0xffff888237d1cce8 of 8 bytes by task 10149 on cpu 1:\nschedule_delayed_monitor_work kernel/rcu/tree.c:3520 [inline]\nkvfree_call_rcu+0x3b8/0x510 kernel/rcu/tree.c:3839\ntrie_update_elem+0x47c/0x620 kernel/bpf/lpm_trie.c:441\nbpf_map_update_value+0x324/0x350 kernel/bpf/syscall.c:203\ngeneric_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1849\nbpf_map_do_batch+0x28c/0x3f0 kernel/bpf/syscall.c:5143\n__sys_bpf+0x2e5/0x7a0\n__do_sys_bpf kernel/bpf/syscall.c:5741 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:5739 [inline]\n__x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5739\nx64_sys_call+0x2625/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:322\ndo_syscall_x64 arch/x86/entry/common.c:52 [inline]\ndo_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83\nentry_SYSCALL_64_after_hwframe+0x77/0x7f\nwrite to 0xffff888237d1cce8 of 8 bytes by task 56 on cpu 0:\n__mod_timer+0x578/0x7f0 kernel/time/timer.c:1173\nadd_timer_global+0x51/0x70 kernel/time/timer.c:1330\n__queue_delayed_work+0x127/0x1a0 kernel/workqueue.c:2523\nqueue_delayed_work_on+0xdf/0x190 kernel/workqueue.c:2552\nqueue_delayed_work include/linux/workqueue.h:677 [inline]\nschedule_delayed_monitor_work kernel/rcu/tree.c:3525 [inline]\nkfree_rcu_monitor+0x5e8/0x660 kernel/rcu/tree.c:3643\nprocess_one_work kernel/workqueue.c:3229 [inline]\nprocess_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310\nworker_thread+0x51d/0x6f0 kernel/workqueue.c:3391\nkthread+0x1d1/0x210 kernel/kthread.c:389\nret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 UID: 0 PID: 56 Comm: kworker/u8:4 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events_unbound kfree_rcu_monitor\n\nkfree_rcu_monitor() rearms the work if a \"krcp\" has to be still\noffloaded and this is done without holding krcp->lock, whereas\nthe kvfree_call_rcu() holds it.\nFix it by acquiring the \"krcp->lock\" for kfree_rcu_monitor() so\nboth functions do not race anymore." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-05-13T00:00:00Z", "advisory" : "RHSA-2025:6966", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-570.12.1.el9_6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-53160\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53160\nhttps://lore.kernel.org/linux-cve-announce/2024122431-CVE-2024-53160-692f@gregkh/T" ], "name" : "CVE-2024-53160", "csaw" : false }