In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix KASAN issue with tasklet KASAN testing revealed the
following issue assocated with freeing an IRQ. [50006.466686] Call Trace:
[50006.466691] <IRQ> [50006.489538] dump_stack+0x5c/0x80 [50006.493475]
print_address_description.constprop.6+0x1a/0x150 [50006.499872] ?
irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.505742] ?
irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.511644]
kasan_report.cold.11+0x7f/0x118 [50006.516572] ?
irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.522473]
irdma_sc_process_ceq+0x483/0x790 [irdma] [50006.528232]
irdma_process_ceq+0xb2/0x400 [irdma] [50006.533601] ?
irdma_hw_flush_wqes_callback+0x370/0x370 [irdma] [50006.540298]
irdma_ceq_dpc+0x44/0x100 [irdma] [50006.545306]
tasklet_action_common.isra.14+0x148/0x2c0 [50006.551096]
__do_softirq+0x1d0/0xaf8 [50006.555396] irq_exit_rcu+0x219/0x260
[50006.559670] irq_exit+0xa/0x20 [50006.563320]
smp_apic_timer_interrupt+0x1bf/0x690 [50006.568645]
apic_timer_interrupt+0xf/0x20 [50006.573341] </IRQ> The issue is that a
tasklet could be pending on another core racing the delete of the irq. Fix
by insuring any scheduled tasklet is killed after deleting the irq.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 23.10 | noarch | linux | < 6.5.0-44.44 | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < 5.15.0-112.122 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-hwe-5.15 | < 5.15.0-113.123~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-hwe-6.5 | < 6.5.0-44.44~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-kvm | < 5.15.0-1060.65 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < 5.15.0-1063.69 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < 5.15.0-1063.69~20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < 6.5.0-1023.23~22.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < 5.15.0-1066.75 | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
git.kernel.org/linus/bd97cea7b18a0a553773af806dfbfac27a7c4acb (6.8-rc6)
git.kernel.org/stable/c/0ae8ad0013978f7471f22bcf45b027393e87f5dc
git.kernel.org/stable/c/635d79aa477f9912e602feb5498bdd51fb9cb824
git.kernel.org/stable/c/b2e4a5266e3d133b4c7f0e43bf40d13ce14fd1aa
git.kernel.org/stable/c/bd97cea7b18a0a553773af806dfbfac27a7c4acb
git.kernel.org/stable/c/c6f1ca235f68b22b3e691b2ea87ac285e5946848
launchpad.net/bugs/cve/CVE-2024-26838
nvd.nist.gov/vuln/detail/CVE-2024-26838
security-tracker.debian.org/tracker/CVE-2024-26838
ubuntu.com/security/notices/USN-6820-1
ubuntu.com/security/notices/USN-6820-2
ubuntu.com/security/notices/USN-6821-1
ubuntu.com/security/notices/USN-6821-2
ubuntu.com/security/notices/USN-6821-3
ubuntu.com/security/notices/USN-6821-4
ubuntu.com/security/notices/USN-6828-1
ubuntu.com/security/notices/USN-6871-1
ubuntu.com/security/notices/USN-6892-1
ubuntu.com/security/notices/USN-6895-1
ubuntu.com/security/notices/USN-6895-2
ubuntu.com/security/notices/USN-6895-3
ubuntu.com/security/notices/USN-6900-1
ubuntu.com/security/notices/USN-6919-1
www.cve.org/CVERecord?id=CVE-2024-26838