cve/2024/CVE-2024-35929.md

### [CVE-2024-35929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35929)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%204d58c9fb45c7%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y andCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:        CPU2                                               CPU11kthreadrcu_nocb_cb_kthread                                       ksys_writercu_do_batch                                              vfs_writercu_torture_timer_cb                                      proc_sys_write__kmem_cache_free                                         proc_sys_call_handlerkmemleak_free                                             drop_caches_sysctl_handlerdelete_object_full                                        drop_slab__delete_object                                           shrink_slabput_object                                                lazy_rcu_shrink_scancall_rcu                                                  rcu_nocb_flush_bypass__call_rcu_commn                                            rcu_nocb_bypass_lock                                                            raw_spin_trylock(&rdp->nocb_bypass_lock) fail                                                            atomic_inc(&rdp->nocb_lock_contended);rcu_nocb_wait_contended                                     WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended))                                          |                            |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".This commit therefore uses rcu_nocb_try_flush_bypass() instead ofrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan().  If the nocb_bypassqueue is being flushed, then rcu_nocb_try_flush_bypass will returndirectly.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/bygregonline/devsec-fastapi-report
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-35929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35929)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%204d58c9fb45c7%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y andCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11kthreadrcu_nocb_cb_kthread ksys_writercu_do_batch vfs_writercu_torture_timer_cb proc_sys_write__kmem_cache_free proc_sys_call_handlerkmemleak_free drop_caches_sysctl_handlerdelete_object_full drop_slab__delete_object shrink_slabput_object lazy_rcu_shrink_scancall_rcu rcu_nocb_flush_bypass__call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended);rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) \| \|_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __\|Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".This commit therefore uses rcu_nocb_try_flush_bypass() instead ofrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypassqueue is being flushed, then rcu_nocb_try_flush_bypass will returndirectly.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/bygregonline/devsec-fastapi-report`