{ "id": "CVE-2024-35929", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T11:15:48.993", "lastModified": "2024-12-30T19:56:30.927", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()\n\nFor the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and\nCONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE()\nin the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:\n\n CPU2 CPU11\nkthread\nrcu_nocb_cb_kthread ksys_write\nrcu_do_batch vfs_write\nrcu_torture_timer_cb proc_sys_write\n__kmem_cache_free proc_sys_call_handler\nkmemleak_free drop_caches_sysctl_handler\ndelete_object_full drop_slab\n__delete_object shrink_slab\nput_object lazy_rcu_shrink_scan\ncall_rcu rcu_nocb_flush_bypass\n__call_rcu_commn rcu_nocb_bypass_lock\n raw_spin_trylock(&rdp->nocb_bypass_lock) fail\n atomic_inc(&rdp->nocb_lock_contended);\nrcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu);\n WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) |\n |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|\n\nReproduce this bug with \"echo 3 > /proc/sys/vm/drop_caches\".\n\nThis commit therefore uses rcu_nocb_try_flush_bypass() instead of\nrcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass\nqueue is being flushed, then rcu_nocb_try_flush_bypass will return\ndirectly." }, { "lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: rcu/nocb: corrija WARN_ON_ONCE() en rcu_nocb_bypass_lock() Para los kernels creados con CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y y CONFIG_RCU_LAZY=y, los siguientes escenarios activar\u00e1n WARN_ON_ONCE() en rcu_nocb_bypass_lock( ) y funciones rcu_nocb_wait_contended(): CPU2 CPU11 kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sysctl_handler delete_object_full losa __delete_object encogimiento_slab put_object lazy_rcu_shrink_scan call_rcu rcu_nocb_flush_bypass __call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended); rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id()!= rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | |_ _ _ _ _ _ _ _ _ _mismo rdp y rdp->cpu != 11_ _ _ _ _ _ _ _ _ __| Reproduzca este error con \"echo 3 > /proc/sys/vm/drop_caches\". Por lo tanto, esta confirmaci\u00f3n utiliza rcu_nocb_try_flush_bypass() en lugar de rcu_nocb_flush_bypass() en lazy_rcu_shrink_scan(). Si se est\u00e1 vaciando la cola nocb_bypass, entonces rcu_nocb_try_flush_bypass regresar\u00e1 directamente." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding": "6.6.27", "matchCriteriaId": "06E895C1-812D-4DD3-AC6C-7069937B982A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.7", "versionEndExcluding": "6.8.6", "matchCriteriaId": "22CA5433-1303-41EF-AD4C-F4645DC01541" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] }, { "url": "https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ] } ] }