5.5

CVE-2024-49976

tracing/timerlat: Drop interface_lock in stop_kthread()

In the Linux kernel, the following vulnerability has been resolved:

tracing/timerlat: Drop interface_lock in stop_kthread()

stop_kthread() is the offline callback for "trace/osnoise:online", since
commit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearing
of kthread in stop_kthread()"), the following ABBA deadlock scenario is
introduced:

T1                            | T2 [BP]               | T3 [AP]
osnoise_hotplug_workfn()      | work_for_cpu_fn()     | cpuhp_thread_fun()
                              |   _cpu_down()         |   osnoise_cpu_die()
  mutex_lock(&interface_lock) |                       |     stop_kthread()
                              |     cpus_write_lock() |       mutex_lock(&interface_lock)
  cpus_read_lock()            |     cpuhp_kick_ap()   |

As the interface_lock here in just for protecting the "kthread" field of
the osn_var, use xchg() instead to fix this issue. Also use
for_each_online_cpu() back in stop_per_cpu_kthreads() as it can take
cpu_read_lock() again.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 6.6.51 < 6.6.55
LinuxLinux Kernel Version >= 6.10.10 < 6.10.14
LinuxLinux Kernel Version >= 6.11 < 6.11.3
LinuxLinux Kernel Version6.12 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.073
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

https://git.kernel.org/stable/c/09cb44cc3d3df7ade2cebc939d6257a2fa8afc7a
Patch
https://git.kernel.org/stable/c/a4a05ceffe8fad68b45de38fe2311bda619e76e2
Patch
https://git.kernel.org/stable/c/b484a02c9cedf8703eff8f0756f94618004bd165
Patch
https://git.kernel.org/stable/c/db8571a9a098086608c11a15856ff585789e67e8
Patch