CVE-2024-58090

{"id": "CVE-2024-58090", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-03-27T15:15:54.123", "references": [{"url": "https://git.kernel.org/stable/c/0362847c520747b44b574d363705d8af0621727a", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/1651f5731b378616565534eb9cda30e258cebebc", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/288fdb8dcb71ec77b76ab8b8a06bc10f595ea504", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/321794b75ac968f0bb6b9c913581949452a8d992", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/68786ab0935ccd5721283b7eb7f4d2f2942c7a52", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/82c387ef7568c0d96a918a5a78d9cad6256cfa15", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/84586322e010164eedddfcd0a0894206ae7d9317", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b927c8539f692fb1f9c2f42e6c8ea2d94956f921", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/core: Prevent rescheduling when interrupts are disabled\n\nDavid reported a warning observed while loop testing kexec jump:\n\n Interrupts enabled after irqrouter_resume+0x0/0x50\n WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220\n kernel_kexec+0xf6/0x180\n __do_sys_reboot+0x206/0x250\n do_syscall_64+0x95/0x180\n\nThe corresponding interrupt flag trace:\n\n hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90\n hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90\n\nThat means __up_console_sem() was invoked with interrupts enabled. Further\ninstrumentation revealed that in the interrupt disabled section of kexec\njump one of the syscore_suspend() callbacks woke up a task, which set the\nNEED_RESCHED flag. A later callback in the resume path invoked\ncond_resched() which in turn led to the invocation of the scheduler:\n\n __cond_resched+0x21/0x60\n down_timeout+0x18/0x60\n acpi_os_wait_semaphore+0x4c/0x80\n acpi_ut_acquire_mutex+0x3d/0x100\n acpi_ns_get_node+0x27/0x60\n acpi_ns_evaluate+0x1cb/0x2d0\n acpi_rs_set_srs_method_data+0x156/0x190\n acpi_pci_link_set+0x11c/0x290\n irqrouter_resume+0x54/0x60\n syscore_resume+0x6a/0x200\n kernel_kexec+0x145/0x1c0\n __do_sys_reboot+0xeb/0x240\n do_syscall_64+0x95/0x180\n\nThis is a long standing problem, which probably got more visible with\nthe recent printk changes. Something does a task wakeup and the\nscheduler sets the NEED_RESCHED flag. cond_resched() sees it set and\ninvokes schedule() from a completely bogus context. The scheduler\nenables interrupts after context switching, which causes the above\nwarning at the end.\n\nQuite some of the code paths in syscore_suspend()/resume() can result in\ntriggering a wakeup with the exactly same consequences. They might not\nhave done so yet, but as they share a lot of code with normal operations\nit's just a question of time.\n\nThe problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling\nmodels. Full preemption is not affected as cond_resched() is disabled and\nthe preemption check preemptible() takes the interrupt disabled flag into\naccount.\n\nCure the problem by adding a corresponding check into cond_resched()."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/core: Evitar la reprogramaci\u00f3n cuando las interrupciones est\u00e1n deshabilitadas David inform\u00f3 una advertencia observada durante la prueba del bucle kexec jump: Interrupciones habilitadas despu\u00e9s de irqrouter_resume+0x0/0x50 ADVERTENCIA: CPU: 0 PID: 560 en drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 El seguimiento del indicador de interrupci\u00f3n correspondiente: hardirqs se habilit\u00f3 por \u00faltima vez en (15573): [] __up_console_sem+0x7e/0x90 hardirqs se desactiv\u00f3 por \u00faltima vez en (15580): [] __up_console_sem+0x63/0x90. Esto significa que __up_console_sem() se invoc\u00f3 con las interrupciones habilitadas. Una instrumentaci\u00f3n m\u00e1s detallada revel\u00f3 que, en la secci\u00f3n de interrupci\u00f3n deshabilitada de kexec jump, una de las devoluciones de llamada syscore_suspend() despert\u00f3 una tarea, lo que activ\u00f3 el indicador NEED_RESCHED. Una devoluci\u00f3n de llamada posterior en la ruta de reanudaci\u00f3n invoc\u00f3 cond_resched(), que a su vez condujo a la invocaci\u00f3n del programador: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 Este es un problema de larga data, que probablemente se hizo m\u00e1s visible con los cambios recientes de printk. Algo hace una activaci\u00f3n de tarea y el programador establece el indicador NEED_RESCHED. cond_resched() lo ve establecido e invoca schedule() desde un contexto completamente falso. El programador habilita interrupciones despu\u00e9s del cambio de contexto, lo que causa la advertencia anterior al final. Algunas de las rutas de c\u00f3digo en syscore_suspend()/resume() pueden provocar la activaci\u00f3n de una activaci\u00f3n con exactamente las mismas consecuencias. Puede que no lo hayan hecho todav\u00eda, pero como comparten mucho c\u00f3digo con las operaciones normales, es solo cuesti\u00f3n de tiempo. El problema solo afecta a los modelos de programaci\u00f3n PREEMPT_NONE y PREEMPT_VOLUNTARY. La preempci\u00f3n completa no se ve afectada, ya que cond_resched() est\u00e1 deshabilitado y la comprobaci\u00f3n de preempci\u00f3n preemptible() tiene en cuenta la bandera de interrupci\u00f3n deshabilitada. Solucione el problema a\u00f1adiendo una comprobaci\u00f3n correspondiente a cond_resched()."}], "lastModified": "2025-10-31T16:22:49.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D4BCF5F-A64A-4766-A4C7-E33396F9300A", "versionEndExcluding": "5.4.291"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "545121FA-DE31-4154-9446-C2000FB4104D", "versionEndExcluding": "5.10.235", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C708062C-4E1B-465F-AE6D-C09C46400875", "versionEndExcluding": "5.15.179", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26997835-273D-4841-ABD3-4696059AC299", "versionEndExcluding": "6.1.130", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C92C9CD-2ADE-412E-A7FF-DC9E0630B25D", "versionEndExcluding": "6.6.81", "versionStartIncluding": "6.2"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5C8D9A-4013-4C1A-810F-AA540BB5737C", "versionEndExcluding": "6.12.18", "versionStartIncluding": "6.7"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64F12D9B-71C2-4CD7-A288-0D5EF1709620", "versionEndExcluding": "6.13.6", "versionStartIncluding": "6.13"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186716B6-2B66-4BD0-852E-D48E71C0C85F"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D3E781C-403A-498F-9DA9-ECEE50F41E75"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66619FB8-0AAF-4166-B2CF-67B24143261D"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.14:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3D6550E-6679-4560-902D-AF52DCFE905B"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}