Description

In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()"), the following ABBA deadlock scenario is introduced: T1 | T2 [BP] | T3 [AP] osnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun() | _cpu_down() | osnoise_cpu_die() mutex_lock(&interface_lock) | | stop_kthread() | cpus_write_lock() | mutex_lock(&interface_lock) cpus_read_lock() | cpuhp_kick_ap() | As the interface_lock here in just for protecting the "kthread" field of the osn_var, use xchg() instead to fix this issue. Also use for_each_online_cpu() back in stop_per_cpu_kthreads() as it can take cpu_read_lock() again.

INFO

Published Date :

2024-10-21T18:02:23.774Z

Last Modified :

2025-05-04T09:42:49.116Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49976 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49976.

URL Resource
https://git.kernel.org/stable/c/09cb44cc3d3df7ade2cebc939d6257a2fa8afc7a cve-icon cve-icon
https://git.kernel.org/stable/c/a4a05ceffe8fad68b45de38fe2311bda619e76e2 cve-icon cve-icon
https://git.kernel.org/stable/c/b484a02c9cedf8703eff8f0756f94618004bd165 cve-icon cve-icon
https://git.kernel.org/stable/c/db8571a9a098086608c11a15856ff585789e67e8 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024102134-CVE-2024-49976-83a3@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49976 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49976 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact