In the Linux kernel, the following vulnerability has been resolved:
cpu/hotplug: Don’t offline the last non-isolated CPU If a system has
isolated CPUs via the “isolcpus=” command line parameter, then an attempt
to offline the last housekeeping CPU will result in a WARN_ON() when
rebuilding the scheduler domains and a subsequent panic due to and
unhandled empty CPU mas in partition_sched_domains_locked().
cpuset_hotplug_workfn() rebuild_sched_domains_locked() ndoms =
generate_sched_domains(&doms, &attr); cpumask_and(doms[0],
top_cpuset.effective_cpus, housekeeping_cpumask(HK_FLAG_DOMAIN)); Thus
results in an empty CPU mask which triggers the warning and then the
subsequent crash: WARNING: CPU: 4 PID: 80 at kernel/sched/topology.c:2366
build_sched_domains+0x120c/0x1408 Call trace:
build_sched_domains+0x120c/0x1408
partition_sched_domains_locked+0x234/0x880
rebuild_sched_domains_locked+0x37c/0x798 rebuild_sched_domains+0x30/0x58
cpuset_hotplug_workfn+0x2a8/0x930 Unable to handle kernel paging request at
virtual address fffe80027ab37080 partition_sched_domains_locked+0x318/0x880
rebuild_sched_domains_locked+0x37c/0x798 Aside of the resulting crash, it
does not make any sense to offline the last last housekeeping CPU. Prevent
this by masking out the non-housekeeping CPUs when selecting a target CPU
for initiating the CPU unplug operation via the work queue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 20.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-aws-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-aws-6.5 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure | < any | UNKNOWN |
ubuntu | 20.04 | noarch | linux-azure-5.15 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | linux-azure-6.5 | < any | UNKNOWN |
git.kernel.org/linus/38685e2a0476127db766f81b1c06019ddc4c9ffa (6.7-rc1)
git.kernel.org/stable/c/3073f6df783d9d75f7f69f73e16c7ef85d6cfb63
git.kernel.org/stable/c/335a47ed71e332c82339d1aec0c7f6caccfcda13
git.kernel.org/stable/c/3410b702354702b500bde10e3cc1f9db8731d908
git.kernel.org/stable/c/38685e2a0476127db766f81b1c06019ddc4c9ffa
launchpad.net/bugs/cve/CVE-2023-52831
nvd.nist.gov/vuln/detail/CVE-2023-52831
security-tracker.debian.org/tracker/CVE-2023-52831
www.cve.org/CVERecord?id=CVE-2023-52831