CVE-2024-47143
Linux Kernel dma-debug Lock Deadlock
Description
In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one (W) rq_lock() CPU1 situation can happen when it extending radix tree and it tries to wake up kswapd via wake_all_kswapd(). CPU2 situation can happen while perf_event_task_sched_out() (i.e. dma sync operation is called while deleting perf_event using etm and etr tmc which are Arm Coresight hwtracing driver backends). To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap().
INFO
Published Date :
Jan. 11, 2025, 1:15 p.m.
Last Modified :
Feb. 3, 2025, 3:15 p.m.
Source :
416baaa9-dc9f-4396-8d5f-8c081fb06d67
Remotely Exploitable :
No
Impact Score :
3.6
Exploitability Score :
1.8
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-47143.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-47143 vulnerability anywhere in the article.
The following table lists the changes that have been made to the
CVE-2024-47143 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Feb. 03, 2025
Action Type Old Value New Value Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Added CWE NIST CWE-667 Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 5.10.231 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.174 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.120 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.66 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.12.5 Changed Reference Type https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32 No Types Assigned https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32 Patch Changed Reference Type https://git.kernel.org/stable/c/7543c3e3b9b88212fcd0aaf5cab5588797bdc7de No Types Assigned https://git.kernel.org/stable/c/7543c3e3b9b88212fcd0aaf5cab5588797bdc7de Patch Changed Reference Type https://git.kernel.org/stable/c/8c1b4fea8d62285f5e1a8194889b39661608bd8a No Types Assigned https://git.kernel.org/stable/c/8c1b4fea8d62285f5e1a8194889b39661608bd8a Patch Changed Reference Type https://git.kernel.org/stable/c/c212d91070beca0d03fef7bf988baf4ff4b3eee4 No Types Assigned https://git.kernel.org/stable/c/c212d91070beca0d03fef7bf988baf4ff4b3eee4 Patch Changed Reference Type https://git.kernel.org/stable/c/efe1b9bbf356357fdff0399af361133d6e3ba18e No Types Assigned https://git.kernel.org/stable/c/efe1b9bbf356357fdff0399af361133d6e3ba18e Patch Changed Reference Type https://git.kernel.org/stable/c/f2b95248a16c5186d1c658fc0aeb2f3bd95e5259 No Types Assigned https://git.kernel.org/stable/c/f2b95248a16c5186d1c658fc0aeb2f3bd95e5259 Patch -
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Jan. 11, 2025
Action Type Old Value New Value Added Description In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one (W) rq_lock() CPU1 situation can happen when it extending radix tree and it tries to wake up kswapd via wake_all_kswapd(). CPU2 situation can happen while perf_event_task_sched_out() (i.e. dma sync operation is called while deleting perf_event using etm and etr tmc which are Arm Coresight hwtracing driver backends). To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap(). Added Reference https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32 Added Reference https://git.kernel.org/stable/c/7543c3e3b9b88212fcd0aaf5cab5588797bdc7de Added Reference https://git.kernel.org/stable/c/8c1b4fea8d62285f5e1a8194889b39661608bd8a Added Reference https://git.kernel.org/stable/c/c212d91070beca0d03fef7bf988baf4ff4b3eee4 Added Reference https://git.kernel.org/stable/c/efe1b9bbf356357fdff0399af361133d6e3ba18e Added Reference https://git.kernel.org/stable/c/f2b95248a16c5186d1c658fc0aeb2f3bd95e5259
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-47143 is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-47143
weaknesses.