CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue

Published May 20, 2024
·
Updated

In the Linux kernel, the following vulnerability has been resolved:

i40e: Do not use WQMEMRECLAIM flag for workqueue

Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in checkflushdependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQMEMRECLAIM flag, and the i40iw one is not.

Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too.

[Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQMEMRECLAIM i40e:i40eservicetask [i40e] is flushing !WQMEMRECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 checkflushdependency+0x10b/0x120 [ +0.000007] Modules linked in: sndseqdummy sndhrtimer sndseq sndtimer sndseqdevice snd soundcore nlsutf8 cifs cifsarc4 nlsucs2utils rdmacm iwcm ibcm cifsmd4 dnsresolver netfs qrtr rfkill sunrpc vfat fat intelraplmsr intelraplcommon irdma inteluncorefrequency inteluncorefrequencycommon ice ipmissif isstifcommon skxedac nfit libnvdimm x86pkgtempthermal intelpowerclamp gnss coretemp ibuverbs rapl intelcstate ibcore iTCOwdt iTCOvendorsupport acpiipmi meime ipmisi inteluncore ioatdma i2ci801 joydev pcspkr mei ipmidevintf lpcich intelpchthermal i2csmbus ipmimsghandler acpipowermeter acpipad xfs libcrc32c ast sdmod drmshmemhelper t10pi drmkmshelper sg ixgbe drm i40e ahci crct10difpclmul libahci crc32pclmul igb crc32cintel libata ghashclmulniintel i2calgobit mdio dca wmi dmmirror dmregionhash dmlog dmmod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-netdev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40eservicetask [i40e] [ +0.000024] RIP: 0010:checkflushdependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] [ +0.000002] ? warn+0x80/0x130 [ +0.000003] ? checkflushdependency+0x10b/0x120 [ +0.000002] ? reportbug+0x195/0x1a0 [ +0.000005] ? handlebug+0x3c/0x70 [ +0.000003] ? excinvalidop+0x14/0x70 [ +0.000002] ? asmexcinvalidop+0x16/0x20 [ +0.000006] ? checkflushdependency+0x10b/0x120 [ +0.000002] ? checkflushdependency+0x10b/0x120 [ +0.000002] flushworkqueue+0x126/0x3f0 [ +0.000015] ibcachecleanupone+0x1c/0xe0 [ibcore] [ +0.000056] ibunregisterdevice+0x6a/0xb0 [ibcore] [ +0.000023] ibunregisterdeviceandput+0x34/0x50 [ibcore] [ +0.000020] i40iwclose+0x4b/0x90 [irdma] [ +0.000022] i40enotifyclientofnetdevclose+0x54/0xc0 [i40e] [ +0.000035] i40eservicetask+0x126/0x190 [i40e] [ +0.000024] processonework+0x174/0x340 [ +0.000003] workerth ---truncated---

Other sources

In the Linux kernel, the following vulnerability has been resolved:

i40e: Do not use WQMEMRECLAIM flag for workqueue

Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in checkflushdependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQMEMRECLAIM flag, and the i40iw one is not.

Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too.

[Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQMEMRECLAIM i40e:i40eservicetask [i40e] is flushing !WQMEMRECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 checkflushdependency+0x10b/0x120 [ +0.000007] Modules linked in: sndseqdummy sndhrtimer sndseq sndtimer sndseqdevice snd soundcore nlsutf8 cifs cifsarc4 nlsucs2utils rdmacm iwcm ibcm cifsmd4 dnsresolver netfs qrtr rfkill sunrpc vfat fat intelraplmsr intelraplcommon irdma inteluncorefrequency inteluncorefrequencycommon ice ipmissif isstifcommon skxedac nfit libnvdimm x86pkgtempthermal intelpowerclamp gnss coretemp ibuverbs rapl intelcstate ibcore iTCOwdt iTCOvendorsupport acpiipmi meime ipmisi inteluncore ioatdma i2ci801 joydev pcspkr mei ipmidevintf lpcich intelpchthermal i2csmbus ipmimsghandler acpipowermeter acpipad xfs libcrc32c ast sdmod drmshmemhelper t10pi drmkmshelper sg ixgbe drm i40e ahci crct10difpclmul libahci crc32pclmul igb crc32cintel libata ghashclmulniintel i2calgobit mdio dca wmi dmmirror dmregionhash dmlog dmmod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-netdev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40eservicetask [i40e] [ +0.000024] RIP: 0010:checkflushdependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] ? warn+0x80/0x130 [ +0.000003] ? checkflushdependency+0x10b/0x120 [ +0.000002] ? reportbug+0x195/0x1a0 [ +0.000005] ? handlebug+0x3c/0x70 [ +0.000003] ? excinvalidop+0x14/0x70 [ +0.000002] ? asmexcinvalidop+0x16/0x20 [ +0.000006] ? checkflushdependency+0x10b/0x120 [ +0.000002] ? checkflushdependency+0x10b/0x120 [ +0.000002] flushworkqueue+0x126/0x3f0 [ +0.000015] ibcachecleanupone+0x1c/0xe0 [ibcore] [ +0.000056] ibunregisterdevice+0x6a/0xb0 [ibcore] [ +0.000023] ibunregisterdeviceandput+0x34/0x50 [ibcore] [ +0.000020] i40iwclose+0x4b/0x90 [irdma] [ +0.000022] i40enotifyclientofnetdevclose+0x54/0xc0 [i40e] [ +0.000035] i40eservicetask+0x126/0x190 [i40e] [ +0.000024] processonework+0x174/0x340 [ +0.000003] workerth ---truncated---

NVD

In the Linux kernel, the following vulnerability has been resolved:

i40e: Do not use WQMEMRECLAIM flag for workqueue

The Linux kernel CVE team has assigned CVE-2024-36004 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052024-CVE-2024-36004-fb45@gregkh/T

Red Hat

Affected Software

26 affected componentsFixes available
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack<=ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance<=ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container<=ISVG 10.0.2
debian/linux
5.10.223-15.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
redhat/kernel<4.19.313
4.19.313
redhat/kernel<5.4.275
5.4.275
redhat/kernel<5.10.216
5.10.216
redhat/kernel<5.15.158
5.15.158
redhat/kernel<6.1.90
6.1.90
redhat/kernel<6.6.30
6.6.30
redhat/kernel<6.8.9
6.8.9
redhat/kernel<6.9
6.9
Linux Linux kernel>=4.14<4.19.313
Linux Linux kernel>=4.20<5.4.275
Linux Linux kernel>=5.5<5.10.216
Linux Linux kernel>=5.11<5.15.158
Linux Linux kernel>=5.16<6.1.90
Linux Linux kernel>=6.2<6.6.30
Linux Linux kernel>=6.7<6.8.9
Linux Linux kernel=6.9-rc1
Linux Linux kernel=6.9-rc2
Linux Linux kernel=6.9-rc3
Linux Linux kernel=6.9-rc4
Linux Linux kernel=6.9-rc5
Debian Debian Linux=10.0

Remediation

Patch Available

https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c

Patch Available

https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939

Patch Available

https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e

Patch Available

https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c

Patch Available

https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd

Patch Available

https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0

Patch Available

https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22

Patch Available

https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f

Event History

May 20, 2024
CVE Published
via MITRE·09:48 AM
Data Sourced
via MITRE·09:48 AM
Description
Data Sourced
via NVD·10:15 AM
Description
Data Sourced
via NVD·10:15 AM
RemedySeverityAffected Software
Data Sourced
via Red Hat·05:32 PM
DescriptionSeverityAffected Software
Jul 12, 2024
Data Sourced
via Launchpad·02:47 PM
Description
May 9, 2025
Data Sourced
via Ubuntu·12:28 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-36004?

CVE-2024-36004 has a moderate severity level as it affects specific configurations and drivers in the Linux kernel.

2

How do I fix CVE-2024-36004?

To mitigate CVE-2024-36004, update to kernel versions 4.19.313, 5.4.275, 5.10.216, 5.15.158, 6.1.90, 6.6.30, 6.8.9, or 6.9 as recommended by your distribution.

3

Which Linux kernel versions are affected by CVE-2024-36004?

CVE-2024-36004 affects multiple kernel versions including those prior to 4.19.313, 5.4.275, 5.10.216, 5.15.158, 6.1.90, 6.6.30, 6.8.9, and 6.9.

4

What components are primarily impacted by CVE-2024-36004?

The primary components impacted by CVE-2024-36004 involve the i40e and i40iw drivers within the Linux kernel.

5

Is CVE-2024-36004 actively being exploited?

As of now, there is no public evidence indicating that CVE-2024-36004 is being actively exploited in the wild.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203