CVE-2024-35989: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops:
BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutexlock+0x2e/0x50 ... Call Trace: die+0x24/0x70 pagefaultoops+0x82/0x160 douseraddrfault+0x65/0x6b0 pfxrdmsrsafeoncpu+0x10/0x10 excpagefault+0x7d/0x170 asmexcpagefault+0x26/0x30 mutexlock+0x2e/0x50 mutexlock+0x1e/0x50 perfpmumigratecontext+0x87/0x1f0 perfeventcpuoffline+0x76/0x90 [idxd] cpuhpinvokecallback+0xa2/0x4f0 pfxperfeventcpuoffline+0x10/0x10 [idxd] cpuhpthreadfun+0x98/0x150 smpbootthreadfn+0x27/0x260 smpbootthreadfn+0x1af/0x260 pfxsmpbootthreadfn+0x10/0x10 kthread+0x103/0x140 pfxkthread+0x10/0x10 retfromfork+0x31/0x50 pfxkthread+0x10/0x10 retfromforkasm+0x1b/0x30
Fix the issue by preventing the migration of the perf context to an invalid target.
Other sources
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops:
BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: errorcode(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutexlock+0x2e/0x50 ... Call Trace: <TASK> die+0x24/0x70 pagefaultoops+0x82/0x160 douseraddrfault+0x65/0x6b0 pfxrdmsrsafeoncpu+0x10/0x10 excpagefault+0x7d/0x170 asmexcpagefault+0x26/0x30 mutexlock+0x2e/0x50 mutexlock+0x1e/0x50 perfpmumigratecontext+0x87/0x1f0 perfeventcpuoffline+0x76/0x90 [idxd] cpuhpinvokecallback+0xa2/0x4f0 pfxperfeventcpuoffline+0x10/0x10 [idxd] cpuhpthreadfun+0x98/0x150 smpbootthreadfn+0x27/0x260 smpbootthreadfn+0x1af/0x260 pfxsmpbootthreadfn+0x10/0x10 kthread+0x103/0x140 pfxkthread+0x10/0x10 retfromfork+0x31/0x50 pfxkthread+0x10/0x10 retfromforkasm+0x1b/0x30 <TASK>
Fix the issue by preventing the migration of the perf context to an invalid target.
— NVD
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
The Linux kernel CVE team has assigned CVE-2024-35989 to this issue.
Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052020-CVE-2024-35989-c5da@gregkh/T
— Red Hat
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of CVE-2024-35989?
CVE-2024-35989 has a medium severity rating affecting single-CPU Linux systems during idxd driver removal.
How do I fix CVE-2024-35989?
To fix CVE-2024-35989, update your kernel to one of the patched versions: 5.15.158, 6.1.90, 6.6.30, 6.8.9, 6.9, or applicable Debian versions.
Which systems are affected by CVE-2024-35989?
CVE-2024-35989 affects Linux systems with one CPU that utilize the idxd driver.
What causes the vulnerability CVE-2024-35989?
CVE-2024-35989 is caused by an oops error during the removal of the idxd driver, specifically due to callback issues on single-CPU platforms.
Is CVE-2024-35989 exploitable?
CVE-2024-35989 is not directly exploitable from a remote perspective but poses risks during specific driver removal processes.