{
  "threat_severity" : "Moderate",
  "public_date" : "2025-03-06T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: idpf: convert workqueues to unbound",
    "id" : "2350375",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2350375"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nidpf: convert workqueues to unbound\nWhen a workqueue is created with `WQ_UNBOUND`, its work items are\nserved by special worker-pools, whose host workers are not bound to\nany specific CPU. In the default configuration (i.e. when\n`queue_delayed_work` and friends do not specify which CPU to run the\nwork item on), `WQ_UNBOUND` allows the work item to be executed on any\nCPU in the same node of the CPU it was enqueued on. While this\nsolution potentially sacrifices locality, it avoids contention with\nother processes that might dominate the CPU time of the processor the\nwork item was scheduled on.\nThis is not just a theoretical problem: in a particular scenario\nmisconfigured process was hogging most of the time from CPU0, leaving\nless than 0.5% of its CPU time to the kworker. The IDPF workqueues\nthat were using the kworker on CPU0 suffered large completion delays\nas a result, causing performance degradation, timeouts and eventual\nsystem crash.\n* I have also run a manual test to gauge the performance\nimprovement. The test consists of an antagonist process\n(`./stress --cpu 2`) consuming as much of CPU 0 as possible. This\nprocess is run under `taskset 01` to bind it to CPU0, and its\npriority is changed with `chrt -pQ 9900 10000 ${pid}` and\n`renice -n -20 ${pid}` after start.\nThen, the IDPF driver is forced to prefer CPU0 by editing all calls\nto `queue_delayed_work`, `mod_delayed_work`, etc... to use CPU 0.\nFinally, `ktraces` for the workqueue events are collected.\nWithout the current patch, the antagonist process can force\narbitrary delays between `workqueue_queue_work` and\n`workqueue_execute_start`, that in my tests were as high as\n`30ms`. With the current patch applied, the workqueue can be\nmigrated to another unloaded CPU in the same node, and, keeping\neverything else equal, the maximum delay I could see was `6us`." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20095",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "kernel-0:6.12.0-124.8.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-11-11T00:00:00Z",
    "advisory" : "RHSA-2025:20518",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-611.5.1.el9_7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-58057\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-58057\nhttps://lore.kernel.org/linux-cve-announce/2025030607-CVE-2024-58057-5c91@gregkh/T" ],
  "name" : "CVE-2024-58057",
  "csaw" : false
}