CVE-2024-36936 (GCVE-0-2024-36936)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 12:56
VLAI?
Title
efi/unaccepted: touch soft lockup during memory accept
Summary
In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and not triggers softlockup on other CPUs. However the softlock up was intermittent shown up if the memory of the TD guest is large, and the timeout of softlockup is set to 1 second: RIP: 0010:_raw_spin_unlock_irqrestore Call Trace: ? __hrtimer_run_queues <IRQ> ? hrtimer_interrupt ? watchdog_timer_fn ? __sysvec_apic_timer_interrupt ? __pfx_watchdog_timer_fn ? sysvec_apic_timer_interrupt </IRQ> ? __hrtimer_run_queues <TASK> ? hrtimer_interrupt ? asm_sysvec_apic_timer_interrupt ? _raw_spin_unlock_irqrestore ? __sysvec_apic_timer_interrupt ? sysvec_apic_timer_interrupt accept_memory try_to_accept_memory do_huge_pmd_anonymous_page get_page_from_freelist __handle_mm_fault __alloc_pages __folio_alloc ? __tdx_hypercall handle_mm_fault vma_alloc_folio do_user_addr_fault do_huge_pmd_anonymous_page exc_page_fault ? __do_huge_pmd_anonymous_page asm_exc_page_fault __handle_mm_fault When the local irq is enabled at the end of accept_memory(), the softlockup detects that the watchdog on single CPU has not been fed for a while. That is to say, even other CPUs will not be blocked by spinlock, the current CPU might be stunk with local irq disabled for a while, which hurts not only nmi watchdog but also softlockup. Chao Gao pointed out that the memory accept could be time costly and there was similar report before. Thus to avoid any softlocup detection during this stage, give the softlockup a flag to skip the timeout check at the end of accept_memory(), by invoking touch_softlockup_watchdog().
Severity ?
No CVSS data available.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 50e782a86c980d4f8292ef82ed8139282ca07a98 , < e115c1b5de55a105c75aba8eb08301c075fa4ef4 (git)
Affected: 50e782a86c980d4f8292ef82ed8139282ca07a98 , < 781e34b736014188ba9e46a71535237313dcda81 (git)
Affected: 50e782a86c980d4f8292ef82ed8139282ca07a98 , < 1c5a1627f48105cbab81d25ec2f72232bfaa8185 (git)
Affected: b583bfcc5a36dbd1db1984dbfcfd23ba64d23604 (git)
Create a notification for this product.
    Linux Linux Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.55 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:14:06.800588Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:14:21.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.123Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/unaccepted_memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e115c1b5de55a105c75aba8eb08301c075fa4ef4",
              "status": "affected",
              "version": "50e782a86c980d4f8292ef82ed8139282ca07a98",
              "versionType": "git"
            },
            {
              "lessThan": "781e34b736014188ba9e46a71535237313dcda81",
              "status": "affected",
              "version": "50e782a86c980d4f8292ef82ed8139282ca07a98",
              "versionType": "git"
            },
            {
              "lessThan": "1c5a1627f48105cbab81d25ec2f72232bfaa8185",
              "status": "affected",
              "version": "50e782a86c980d4f8292ef82ed8139282ca07a98",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b583bfcc5a36dbd1db1984dbfcfd23ba64d23604",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firmware/efi/unaccepted_memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.55",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.55",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/unaccepted: touch soft lockup during memory accept\n\nCommit 50e782a86c98 (\"efi/unaccepted: Fix soft lockups caused by\nparallel memory acceptance\") has released the spinlock so other CPUs can\ndo memory acceptance in parallel and not triggers softlockup on other\nCPUs.\n\nHowever the softlock up was intermittent shown up if the memory of the\nTD guest is large, and the timeout of softlockup is set to 1 second:\n\n RIP: 0010:_raw_spin_unlock_irqrestore\n Call Trace:\n ? __hrtimer_run_queues\n \u003cIRQ\u003e\n ? hrtimer_interrupt\n ? watchdog_timer_fn\n ? __sysvec_apic_timer_interrupt\n ? __pfx_watchdog_timer_fn\n ? sysvec_apic_timer_interrupt\n \u003c/IRQ\u003e\n ? __hrtimer_run_queues\n \u003cTASK\u003e\n ? hrtimer_interrupt\n ? asm_sysvec_apic_timer_interrupt\n ? _raw_spin_unlock_irqrestore\n ? __sysvec_apic_timer_interrupt\n ? sysvec_apic_timer_interrupt\n accept_memory\n try_to_accept_memory\n do_huge_pmd_anonymous_page\n get_page_from_freelist\n __handle_mm_fault\n __alloc_pages\n __folio_alloc\n ? __tdx_hypercall\n handle_mm_fault\n vma_alloc_folio\n do_user_addr_fault\n do_huge_pmd_anonymous_page\n exc_page_fault\n ? __do_huge_pmd_anonymous_page\n asm_exc_page_fault\n __handle_mm_fault\n\nWhen the local irq is enabled at the end of accept_memory(), the\nsoftlockup detects that the watchdog on single CPU has not been fed for\na while. That is to say, even other CPUs will not be blocked by\nspinlock, the current CPU might be stunk with local irq disabled for a\nwhile, which hurts not only nmi watchdog but also softlockup.\n\nChao Gao pointed out that the memory accept could be time costly and\nthere was similar report before. Thus to avoid any softlocup detection\nduring this stage, give the softlockup a flag to skip the timeout check\nat the end of accept_memory(), by invoking touch_softlockup_watchdog()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:32.357Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e115c1b5de55a105c75aba8eb08301c075fa4ef4"
        },
        {
          "url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
        }
      ],
      "title": "efi/unaccepted: touch soft lockup during memory accept",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36936",
    "datePublished": "2024-05-30T15:29:25.767Z",
    "dateReserved": "2024-05-30T15:25:07.071Z",
    "dateUpdated": "2025-05-04T12:56:32.357Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T03:43:50.123Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-36936\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-12T19:14:06.800588Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-12T19:14:16.741Z\"}}], \"cna\": {\"title\": \"efi/unaccepted: touch soft lockup during memory accept\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"50e782a86c980d4f8292ef82ed8139282ca07a98\", \"lessThan\": \"e115c1b5de55a105c75aba8eb08301c075fa4ef4\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"50e782a86c980d4f8292ef82ed8139282ca07a98\", \"lessThan\": \"781e34b736014188ba9e46a71535237313dcda81\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"50e782a86c980d4f8292ef82ed8139282ca07a98\", \"lessThan\": \"1c5a1627f48105cbab81d25ec2f72232bfaa8185\", \"versionType\": \"git\"}], \"programFiles\": [\"drivers/firmware/efi/unaccepted_memory.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.6\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"6.6\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"6.6.55\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.8.10\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.8.*\"}, {\"status\": \"unaffected\", \"version\": \"6.9\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"drivers/firmware/efi/unaccepted_memory.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/e115c1b5de55a105c75aba8eb08301c075fa4ef4\"}, {\"url\": \"https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81\"}, {\"url\": \"https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185\"}], \"x_generator\": {\"engine\": \"bippy-5f407fcff5a0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nefi/unaccepted: touch soft lockup during memory accept\\n\\nCommit 50e782a86c98 (\\\"efi/unaccepted: Fix soft lockups caused by\\nparallel memory acceptance\\\") has released the spinlock so other CPUs can\\ndo memory acceptance in parallel and not triggers softlockup on other\\nCPUs.\\n\\nHowever the softlock up was intermittent shown up if the memory of the\\nTD guest is large, and the timeout of softlockup is set to 1 second:\\n\\n RIP: 0010:_raw_spin_unlock_irqrestore\\n Call Trace:\\n ? __hrtimer_run_queues\\n \u003cIRQ\u003e\\n ? hrtimer_interrupt\\n ? watchdog_timer_fn\\n ? __sysvec_apic_timer_interrupt\\n ? __pfx_watchdog_timer_fn\\n ? sysvec_apic_timer_interrupt\\n \u003c/IRQ\u003e\\n ? __hrtimer_run_queues\\n \u003cTASK\u003e\\n ? hrtimer_interrupt\\n ? asm_sysvec_apic_timer_interrupt\\n ? _raw_spin_unlock_irqrestore\\n ? __sysvec_apic_timer_interrupt\\n ? sysvec_apic_timer_interrupt\\n accept_memory\\n try_to_accept_memory\\n do_huge_pmd_anonymous_page\\n get_page_from_freelist\\n __handle_mm_fault\\n __alloc_pages\\n __folio_alloc\\n ? __tdx_hypercall\\n handle_mm_fault\\n vma_alloc_folio\\n do_user_addr_fault\\n do_huge_pmd_anonymous_page\\n exc_page_fault\\n ? __do_huge_pmd_anonymous_page\\n asm_exc_page_fault\\n __handle_mm_fault\\n\\nWhen the local irq is enabled at the end of accept_memory(), the\\nsoftlockup detects that the watchdog on single CPU has not been fed for\\na while. That is to say, even other CPUs will not be blocked by\\nspinlock, the current CPU might be stunk with local irq disabled for a\\nwhile, which hurts not only nmi watchdog but also softlockup.\\n\\nChao Gao pointed out that the memory accept could be time costly and\\nthere was similar report before. Thus to avoid any softlocup detection\\nduring this stage, give the softlockup a flag to skip the timeout check\\nat the end of accept_memory(), by invoking touch_softlockup_watchdog().\"}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2024-12-19T09:02:36.525Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-36936\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-12-19T09:02:36.525Z\", \"dateReserved\": \"2024-05-30T15:25:07.071Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-05-30T15:29:25.767Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…