FKIE_CVE-2024-39508

Vulnerability from fkie_nvd - Published: 2024-07-12 13:15 - Updated: 2025-10-03 15:13
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wq to address potential data races. The structure io_worker->flags may be accessed through various data paths, leading to concurrency issues. When KCSAN is enabled, it reveals data races occurring in io_worker_handle_work and io_wq_activate_free_worker functions. BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28: io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569) io_wq_worker (io_uring/io-wq.c:?) <snip> read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5: io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285) io_wq_enqueue (io_uring/io-wq.c:947) io_queue_iowq (io_uring/io_uring.c:524) io_req_task_submit (io_uring/io_uring.c:1511) io_handle_tw_list (io_uring/io_uring.c:1198) <snip> Line numbers against commit 18daea77cca6 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm"). These races involve writes and reads to the same memory location by different tasks running on different CPUs. To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. This ensures thread-safe manipulation of worker flags. Also, move `create_index` to avoid holes in the structure.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bfPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbabPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bfPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbabPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A1DF348-9444-4E81-908D-E55FC0BAE7EB",
              "versionEndExcluding": "6.6.35",
              "versionStartIncluding": "5.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975",
              "versionEndExcluding": "6.9.6",
              "versionStartIncluding": "6.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: Use set_bit() and test_bit() at worker-\u003eflags\n\nUtilize set_bit() and test_bit() on worker-\u003eflags within io_uring/io-wq\nto address potential data races.\n\nThe structure io_worker-\u003eflags may be accessed through various data\npaths, leading to concurrency issues. When KCSAN is enabled, it reveals\ndata races occurring in io_worker_handle_work and\nio_wq_activate_free_worker functions.\n\n\t BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker\n\t write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:\n\t io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)\n\t io_wq_worker (io_uring/io-wq.c:?)\n\u003csnip\u003e\n\n\t read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:\n\t io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)\n\t io_wq_enqueue (io_uring/io-wq.c:947)\n\t io_queue_iowq (io_uring/io_uring.c:524)\n\t io_req_task_submit (io_uring/io_uring.c:1511)\n\t io_handle_tw_list (io_uring/io_uring.c:1198)\n\u003csnip\u003e\n\nLine numbers against commit 18daea77cca6 (\"Merge tag \u0027for-linus\u0027 of\ngit://git.kernel.org/pub/scm/virt/kvm/kvm\").\n\nThese races involve writes and reads to the same memory location by\ndifferent tasks running on different CPUs. To mitigate this, refactor\nthe code to use atomic operations such as set_bit(), test_bit(), and\nclear_bit() instead of basic \"and\" and \"or\" operations. This ensures\nthread-safe manipulation of worker flags.\n\nAlso, move `create_index` to avoid holes in the structure."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring/io-wq: use set_bit() y test_bit() en trabajador-\u0026gt;flags Utilice set_bit() y test_bit() en trabajador-\u0026gt;flags dentro de io_uring/io-wq para abordar posibles ejecuci\u00f3ns de datos. Se puede acceder a la estructura io_worker-\u0026gt;flags a trav\u00e9s de varias rutas de datos, lo que genera problemas de concurrencia. Cuando KCSAN est\u00e1 habilitado, revela ejecuci\u00f3ns de datos que ocurren en las funciones io_worker_handle_work y io_wq_activate_free_worker. ERROR: KCSAN: ejecuci\u00f3n de datos en io_worker_handle_work/io_wq_activate_free_worker escribe en 0xffff8885c4246404 de 4 bytes por tarea 49071 en la CPU 28: io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569) (io_durante/io -wq.c:?)  leer en 0xffff8885c4246404 de 4 bytes por tarea 49024 en la CPU 5: io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285) io_wq_enqueue (io_uring/io- wq.c:947) io_queue_iowq (io_uring/io_uring.c:524) io_req_task_submit (io_uring/io_uring.c:1511) io_handle_tw_list (io_uring/io_uring.c:1198)  N\u00fameros de l\u00ednea contra El commit 18daea77cca6 (\"Etiqueta de combinaci\u00f3n \u0027para -linus\u0027 de git://git.kernel.org/pub/scm/virt/kvm/kvm\"). Estas ejecuciones implican escrituras y lecturas en la misma ubicaci\u00f3n de memoria mediante diferentes tareas que se ejecutan en diferentes CPU. Para mitigar esto, refactorice el c\u00f3digo para usar operaciones at\u00f3micas como set_bit(), test_bit() y clear_bit() en lugar de operaciones b\u00e1sicas \"y\" y \"o\". Esto garantiza una manipulaci\u00f3n segura para subprocesos de los indicadores de los trabajadores. Adem\u00e1s, mueva `create_index` para evitar agujeros en la estructura."
    }
  ],
  "id": "CVE-2024-39508",
  "lastModified": "2025-10-03T15:13:42.830",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-12T13:15:13.130",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bf"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbab"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/1cbb0affb15470a9621267fe0a8568007553a4bf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/8a565304927fbd28c9f028c492b5c1714002cbab"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.