### [CVE-2024-35929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35929) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=1da177e4c3f4%3C%204d58c9fb45c7%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description In the Linux kernel, the following vulnerability has been resolved:rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y andCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11kthreadrcu_nocb_cb_kthread ksys_writercu_do_batch vfs_writercu_torture_timer_cb proc_sys_write__kmem_cache_free proc_sys_call_handlerkmemleak_free drop_caches_sysctl_handlerdelete_object_full drop_slab__delete_object shrink_slabput_object lazy_rcu_shrink_scancall_rcu rcu_nocb_flush_bypass__call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended);rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".This commit therefore uses rcu_nocb_try_flush_bypass() instead ofrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypassqueue is being flushed, then rcu_nocb_try_flush_bypass will returndirectly. ### POC #### Reference No PoCs from references. #### Github - https://github.com/bygregonline/devsec-fastapi-report