{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56610", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-27T14:03:06.013Z", "datePublished": "2024-12-27T14:51:15.305Z", "dateUpdated": "2025-01-06T15:47:44.182Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-01-06T15:47:44.182Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Turn report_filterlist_lock into a raw_spinlock\n\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [<0000000000000000>] 0x0\n| Preemption disabled at:\n| [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n| <IRQ>\n| dump_stack_lvl+0x7e/0xc0\n| dump_stack+0x1d/0x30\n| __might_resched+0x1a2/0x270\n| rt_spin_lock+0x68/0x170\n| kcsan_skip_report_debugfs+0x43/0xe0\n| print_report+0xb5/0x590\n| kcsan_report_known_origin+0x1b1/0x1d0\n| kcsan_setup_watchpoint+0x348/0x650\n| __tsan_unaligned_write1+0x16d/0x1d0\n| hrtimer_interrupt+0x3d6/0x430\n| __sysvec_apic_timer_interrupt+0xe8/0x3a0\n| sysvec_apic_timer_interrupt+0x97/0xc0\n| </IRQ>\n\nOn a detected data race, KCSAN's reporting logic checks if it should\nfilter the report. That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\n\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\n\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN's debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/kcsan/debugfs.c"], "versions": [{"version": "dfd402a4c4baae42398ce9180ff424d589b8bffc", "lessThan": "f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d", "status": "affected", "versionType": "git"}, {"version": "dfd402a4c4baae42398ce9180ff424d589b8bffc", "lessThan": "ea6588abcc15d68fdeae777ffe3dd74c02eab407", "status": "affected", "versionType": "git"}, {"version": "dfd402a4c4baae42398ce9180ff424d589b8bffc", "lessThan": "0ab4951c1473c7d1ceaf1232eb927109cd1c4859", "status": "affected", "versionType": "git"}, {"version": "dfd402a4c4baae42398ce9180ff424d589b8bffc", "lessThan": "dca4e74a918586913d251c0b359e8cc96a3883ea", "status": "affected", "versionType": "git"}, {"version": "dfd402a4c4baae42398ce9180ff424d589b8bffc", "lessThan": "889a0d3a35fdedba1c5dcb6410c95c32421680ec", "status": "affected", "versionType": "git"}, {"version": "dfd402a4c4baae42398ce9180ff424d589b8bffc", "lessThan": "59458fa4ddb47e7891c61b4a928d13d5f5b00aa0", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["kernel/kcsan/debugfs.c"], "versions": [{"version": "5.8", "status": "affected"}, {"version": "0", "lessThan": "5.8", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.231", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.174", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.120", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.66", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.5", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.13-rc1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d"}, {"url": "https://git.kernel.org/stable/c/ea6588abcc15d68fdeae777ffe3dd74c02eab407"}, {"url": "https://git.kernel.org/stable/c/0ab4951c1473c7d1ceaf1232eb927109cd1c4859"}, {"url": "https://git.kernel.org/stable/c/dca4e74a918586913d251c0b359e8cc96a3883ea"}, {"url": "https://git.kernel.org/stable/c/889a0d3a35fdedba1c5dcb6410c95c32421680ec"}, {"url": "https://git.kernel.org/stable/c/59458fa4ddb47e7891c61b4a928d13d5f5b00aa0"}], "title": "kcsan: Turn report_filterlist_lock into a raw_spinlock", "x_generator": {"engine": "bippy-5f407fcff5a0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkcsan: Turn report_filterlist_lock into a raw_spinlock\n\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [<0000000000000000>] 0x0\n| Preemption disabled at:\n| [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n| <IRQ>\n| dump_stack_lvl+0x7e/0xc0\n| dump_stack+0x1d/0x30\n| __might_resched+0x1a2/0x270\n| rt_spin_lock+0x68/0x170\n| kcsan_skip_report_debugfs+0x43/0xe0\n| print_report+0xb5/0x590\n| kcsan_report_known_origin+0x1b1/0x1d0\n| kcsan_setup_watchpoint+0x348/0x650\n| __tsan_unaligned_write1+0x16d/0x1d0\n| hrtimer_interrupt+0x3d6/0x430\n| __sysvec_apic_timer_interrupt+0xe8/0x3a0\n| sysvec_apic_timer_interrupt+0x97/0xc0\n| </IRQ>\n\nOn a detected data race, KCSAN's reporting logic checks if it should\nfilter the report. That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\n\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\n\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN's debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused."}], "id": "CVE-2024-56610", "lastModified": "2024-12-27T15:15:20.490", "metrics": {}, "published": "2024-12-27T15:15:20.490", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/0ab4951c1473c7d1ceaf1232eb927109cd1c4859"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/59458fa4ddb47e7891c61b4a928d13d5f5b00aa0"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/889a0d3a35fdedba1c5dcb6410c95c32421680ec"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/dca4e74a918586913d251c0b359e8cc96a3883ea"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/ea6588abcc15d68fdeae777ffe3dd74c02eab407"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: kcsan: Turn report_filterlist_lock into a raw_spinlock", "id": "2334519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334519"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nkcsan: Turn report_filterlist_lock into a raw_spinlock\nRan Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see\nsplats like:\n| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\n| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1\n| preempt_count: 10002, expected: 0\n| RCU nest depth: 0, expected: 0\n| no locks held by swapper/1/0.\n| irq event stamp: 156674\n| hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240\n| hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0\n| softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60\n| softirqs last disabled at (0): [<0000000000000000>] 0x0\n| Preemption disabled at:\n| [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90\n| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3\n| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014\n| Call Trace:\n| <IRQ>\n| dump_stack_lvl+0x7e/0xc0\n| dump_stack+0x1d/0x30\n| __might_resched+0x1a2/0x270\n| rt_spin_lock+0x68/0x170\n| kcsan_skip_report_debugfs+0x43/0xe0\n| print_report+0xb5/0x590\n| kcsan_report_known_origin+0x1b1/0x1d0\n| kcsan_setup_watchpoint+0x348/0x650\n| __tsan_unaligned_write1+0x16d/0x1d0\n| hrtimer_interrupt+0x3d6/0x430\n| __sysvec_apic_timer_interrupt+0xe8/0x3a0\n| sysvec_apic_timer_interrupt+0x97/0xc0\n| </IRQ>\nOn a detected data race, KCSAN's reporting logic checks if it should\nfilter the report. That list is protected by the report_filterlist_lock\n*non-raw* spinlock which may sleep on RT kernels.\nSince KCSAN may report data races in any context, convert it to a\nraw_spinlock.\nThis requires being careful about when to allocate memory for the filter\nlist itself which can be done via KCSAN's debugfs interface. Concurrent\nmodification of the filter list via debugfs should be rare: the chosen\nstrategy is to optimistically pre-allocate memory before the critical\nsection and discard if unused."], "name": "CVE-2024-56610", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-12-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56610\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56610\nhttps://lore.kernel.org/linux-cve-announce/2024122706-CVE-2024-56610-905f@gregkh/T"], "threat_severity": "Low"}