CVE-2024-44968 tick/broadcast: Move per CPU pointer access into the atomic section

2024-09-0418:56:45

Linux

www.cve.org

linux kernel

atomic section

pointer access

preemptible context

reliable fix

timer

compiler

smp_processor_id

hotplug_cpu__broadcast_tick_pull

EPSS

Percentile

13.7%

JSON

In the Linux kernel, the following vulnerability has been resolved:

tick/broadcast: Move per CPU pointer access into the atomic section

The recent fix for making the take over of the broadcast timer more
reliable retrieves a per CPU pointer in preemptible context.

This went unnoticed as compilers hoist the access into the non-preemptible
region where the pointer is actually used. But of course it’s valid that
the compiler keeps it at the place where the code puts it which rightfully
triggers:

BUG: using smp_processor_id() in preemptible [00000000] code:
caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0

Move it to the actual usage site which is in a non-preemptible region.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/time/tick-broadcast.c"
    ],
    "versions": [
      {
        "version": "dfe19aa91378",
        "lessThan": "f54abf332a2b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "457a1c87d454",
        "lessThan": "f91fb47ecacc",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "9ef719022814",
        "lessThan": "668c6c4a7e9e",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "d3b165c10473",
        "lessThan": "541a900d2455",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "408bfb6b0a7f",
        "lessThan": "7b3ec186ba93",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3a58c590f6bd",
        "lessThan": "b9d604933d5f",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "2cdab4b4bf77",
        "lessThan": "7dd12f85f150",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f7d43dd206e7",
        "lessThan": "6881e75237a8",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "kernel/time/tick-broadcast.c"
    ],
    "versions": [
      {
        "version": "6.1.103",
        "lessThan": "6.1.105",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "6.6.44",
        "lessThan": "6.6.46",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "6.10.3",
        "lessThan": "6.10.5",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]