{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-44968", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T05:34:56.667Z", "datePublished": "2024-09-04T18:56:45.456Z", "dateUpdated": "2024-11-05T09:43:09.997Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:43:09.997Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/broadcast: Move per CPU pointer access into the atomic section\n\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\n\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it's valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\n\n BUG: using smp_processor_id() in preemptible [00000000] code:\n caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\n\nMove it to the actual usage site which is in a non-preemptible region."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/time/tick-broadcast.c"], "versions": [{"version": "dfe19aa91378", "lessThan": "f54abf332a2b", "status": "affected", "versionType": "git"}, {"version": "457a1c87d454", "lessThan": "f91fb47ecacc", "status": "affected", "versionType": "git"}, {"version": "9ef719022814", "lessThan": "668c6c4a7e9e", "status": "affected", "versionType": "git"}, {"version": "d3b165c10473", "lessThan": "541a900d2455", "status": "affected", "versionType": "git"}, {"version": "408bfb6b0a7f", "lessThan": "7b3ec186ba93", "status": "affected", "versionType": "git"}, {"version": "3a58c590f6bd", "lessThan": "b9d604933d5f", "status": "affected", "versionType": "git"}, {"version": "2cdab4b4bf77", "lessThan": "7dd12f85f150", "status": "affected", "versionType": "git"}, {"version": "f7d43dd206e7", "lessThan": "6881e75237a8", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/time/tick-broadcast.c"], "versions": [{"version": "6.1.103", "lessThan": "6.1.105", "status": "affected", "versionType": "semver"}, {"version": "6.6.44", "lessThan": "6.6.46", "status": "affected", "versionType": "semver"}, {"version": "6.10.3", "lessThan": "6.10.5", "status": "affected", "versionType": "semver"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0"}, {"url": "https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6"}, {"url": "https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed"}, {"url": "https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6"}, {"url": "https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d"}, {"url": "https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a"}, {"url": "https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9"}, {"url": "https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e"}], "title": "tick/broadcast: Move per CPU pointer access into the atomic section", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:39:24.484235Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:33.994Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:39:24.484235Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:24.792Z"}}], "cna": {"title": "tick/broadcast: Move per CPU pointer access into the atomic section", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "dfe19aa91378", "lessThan": "f54abf332a2b", "versionType": "git"}, {"status": "affected", "version": "457a1c87d454", "lessThan": "f91fb47ecacc", "versionType": "git"}, {"status": "affected", "version": "9ef719022814", "lessThan": "668c6c4a7e9e", "versionType": "git"}, {"status": "affected", "version": "d3b165c10473", "lessThan": "541a900d2455", "versionType": "git"}, {"status": "affected", "version": "408bfb6b0a7f", "lessThan": "7b3ec186ba93", "versionType": "git"}, {"status": "affected", "version": "3a58c590f6bd", "lessThan": "b9d604933d5f", "versionType": "git"}, {"status": "affected", "version": "2cdab4b4bf77", "lessThan": "7dd12f85f150", "versionType": "git"}, {"status": "affected", "version": "f7d43dd206e7", "lessThan": "6881e75237a8", "versionType": "git"}], "programFiles": ["kernel/time/tick-broadcast.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.1.103", "lessThan": "6.1.105", "versionType": "semver"}, {"status": "affected", "version": "6.6.44", "lessThan": "6.6.46", "versionType": "semver"}, {"status": "affected", "version": "6.10.3", "lessThan": "6.10.5", "versionType": "semver"}], "programFiles": ["kernel/time/tick-broadcast.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0"}, {"url": "https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6"}, {"url": "https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed"}, {"url": "https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6"}, {"url": "https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d"}, {"url": "https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a"}, {"url": "https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9"}, {"url": "https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/broadcast: Move per CPU pointer access into the atomic section\n\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\n\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it's valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\n\n BUG: using smp_processor_id() in preemptible [00000000] code:\n caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\n\nMove it to the actual usage site which is in a non-preemptible region."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:43:09.997Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44968", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:43:09.997Z", "dateReserved": "2024-08-21T05:34:56.667Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-04T18:56:45.456Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "46ED0550-DB43-4D2A-8895-8F048C891A5F", "versionEndExcluding": "6.1.105", "versionStartIncluding": "6.1.103", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "83875505-0CFF-44AD-A3E1-BE3F8B866F43", "versionEndExcluding": "6.6.46", "versionStartIncluding": "6.6.44", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECD67C7B-CA88-4F2B-B232-AE23DDFBA7D2", "versionEndExcluding": "6.10.5", "versionStartIncluding": "6.10.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntick/broadcast: Move per CPU pointer access into the atomic section\n\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\n\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it's valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\n\n BUG: using smp_processor_id() in preemptible [00000000] code:\n caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\n\nMove it to the actual usage site which is in a non-preemptible region."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tick/broadcast: mover el acceso al puntero por CPU a la secci\u00f3n at\u00f3mica La soluci\u00f3n reciente para hacer que la toma de control del temporizador de difusi\u00f3n sea m\u00e1s fiable recupera un puntero por CPU en un contexto preemptible. Esto pas\u00f3 desapercibido ya que los compiladores elevan el acceso a la regi\u00f3n no preemptible donde realmente se usa el puntero. Pero, por supuesto, es v\u00e1lido que el compilador lo mantenga en el lugar donde lo pone el c\u00f3digo, lo que activa correctamente: ERROR: usar smp_processor_id() en c\u00f3digo preemptible [00000000]: el llamador es hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 Mu\u00e9valo al sitio de uso real que est\u00e1 en una regi\u00f3n no preemptible."}], "id": "CVE-2024-44968", "lastModified": "2024-10-03T18:04:57.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-04T19:15:31.173", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: tick/broadcast: Move per CPU pointer access into the atomic section", "id": "2309799", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309799"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-367", "details": ["In the Linux kernel, the following vulnerability has been resolved:\ntick/broadcast: Move per CPU pointer access into the atomic section\nThe recent fix for making the take over of the broadcast timer more\nreliable retrieves a per CPU pointer in preemptible context.\nThis went unnoticed as compilers hoist the access into the non-preemptible\nregion where the pointer is actually used. But of course it's valid that\nthe compiler keeps it at the place where the code puts it which rightfully\ntriggers:\nBUG: using smp_processor_id() in preemptible [00000000] code:\ncaller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0\nMove it to the actual usage site which is in a non-preemptible region."], "name": "CVE-2024-44968", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44968\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44968\nhttps://lore.kernel.org/linux-cve-announce/2024090456-CVE-2024-44968-3e4f@gregkh/T"], "threat_severity": "Moderate"}