CVE-2024-46839
Linux Kernel Workqueue NMI Watchdog races in Multi-CPU Stop
Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
INFO
Published Date :
Sept. 27, 2024, 1:15 p.m.
Last Modified :
Oct. 1, 2024, 2:15 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
Exploitability Score :
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-46839
vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-46839
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Translated by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 01, 2024
Action Type Old Value New Value Removed Translation Title: kernel de Linux Description: En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: workqueue: Mejorar la escalabilidad del watchdog de workqueue touch En un sistema powerpc de ~2000 CPU, se han observado bloqueos duros en el código de workqueue cuando se ejecuta stop_machine (en este caso debido a la conexión en caliente de la CPU). Esto se debe a que muchas CPU giran en multi_cpu_stop, llamando a touch_nmi_watchdog() que termina llamando a wq_watchdog_touch(). wq_watchdog_touch() escribe en la variable global wq_watchdog_touched, y esta puede encontrarse en la misma línea de caché que otros datos importantes de workqueue, lo que ralentiza las operaciones hasta el punto de bloquearse. En el caso del siguiente seguimiento abreviado, worker_pool_idr estaba en la línea directa, lo que hacía que los bloqueos siempre aparecieran en idr_find. watchdog: CPU 1125 autodetectó BLOQUEO duro @ idr_find Seguimiento de llamadas: get_work_pool __queue_work call_timer_fn run_timer_softirq __do_softirq do_softirq_own_stack irq_exit timer_interrupt decrementer_common_virt * interrupción: 900 (temporizador) en multi_cpu_stop multi_cpu_stop cpu_stopper_thread smpboot_thread_fn kthread Solucione esto haciendo que wq_watchdog_touch() solo escriba en la línea si la última vez que se registró un toque excede 1/4 del umbral del watchdog. -
CVE Rejected by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 01, 2024
Action Type Old Value New Value -
CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Oct. 01, 2024
Action Type Old Value New Value Changed Description In the Linux kernel, the following vulnerability has been resolved: workqueue: Improve scalability of workqueue watchdog touch On a ~2000 CPU powerpc system, hard lockups have been observed in the workqueue code when stop_machine runs (in this case due to CPU hotplug). This is due to lots of CPUs spinning in multi_cpu_stop, calling touch_nmi_watchdog() which ends up calling wq_watchdog_touch(). wq_watchdog_touch() writes to the global variable wq_watchdog_touched, and that can find itself in the same cacheline as other important workqueue data, which slows down operations to the point of lockups. In the case of the following abridged trace, worker_pool_idr was in the hot line, causing the lockups to always appear at idr_find. watchdog: CPU 1125 self-detected hard LOCKUP @ idr_find Call Trace: get_work_pool __queue_work call_timer_fn run_timer_softirq __do_softirq do_softirq_own_stack irq_exit timer_interrupt decrementer_common_virt * interrupt: 900 (timer) at multi_cpu_stop multi_cpu_stop cpu_stopper_thread smpboot_thread_fn kthread Fix this by having wq_watchdog_touch() only write to the line if the last time a touch was recorded exceeds 1/4 of the watchdog threshold. Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Removed Reference kernel.org https://git.kernel.org/stable/c/9d08fce64dd77f42e2361a4818dbc4b50f3c7dad Removed Reference kernel.org https://git.kernel.org/stable/c/a2abd35e7dc55bf9ed01e2b3481fa78e086d3bf4 Removed Reference kernel.org https://git.kernel.org/stable/c/241bce1c757d0587721512296952e6bba69631ed Removed Reference kernel.org https://git.kernel.org/stable/c/da5f374103a1e0881bbd35847dc57b04ac155eb0 Removed Reference kernel.org https://git.kernel.org/stable/c/98f887f820c993e05a12e8aa816c80b8661d4c87 -
CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Sep. 27, 2024
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: workqueue: Improve scalability of workqueue watchdog touch On a ~2000 CPU powerpc system, hard lockups have been observed in the workqueue code when stop_machine runs (in this case due to CPU hotplug). This is due to lots of CPUs spinning in multi_cpu_stop, calling touch_nmi_watchdog() which ends up calling wq_watchdog_touch(). wq_watchdog_touch() writes to the global variable wq_watchdog_touched, and that can find itself in the same cacheline as other important workqueue data, which slows down operations to the point of lockups. In the case of the following abridged trace, worker_pool_idr was in the hot line, causing the lockups to always appear at idr_find. watchdog: CPU 1125 self-detected hard LOCKUP @ idr_find Call Trace: get_work_pool __queue_work call_timer_fn run_timer_softirq __do_softirq do_softirq_own_stack irq_exit timer_interrupt decrementer_common_virt * interrupt: 900 (timer) at multi_cpu_stop multi_cpu_stop cpu_stopper_thread smpboot_thread_fn kthread Fix this by having wq_watchdog_touch() only write to the line if the last time a touch was recorded exceeds 1/4 of the watchdog threshold. Added Reference kernel.org https://git.kernel.org/stable/c/9d08fce64dd77f42e2361a4818dbc4b50f3c7dad [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/a2abd35e7dc55bf9ed01e2b3481fa78e086d3bf4 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/241bce1c757d0587721512296952e6bba69631ed [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/da5f374103a1e0881bbd35847dc57b04ac155eb0 [No types assigned] Added Reference kernel.org https://git.kernel.org/stable/c/98f887f820c993e05a12e8aa816c80b8661d4c87 [No types assigned]
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-46839
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-46839
weaknesses.