Ubuntu: (Multiple Advisories) (CVE-2024-36888): Linux kernel vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2024-36888): Linux kernel vulnerabilities

Severity

4

CVSS

(AV:L/AC:M/Au:N/C:P/I:P/A:P)

Published

05/30/2024

Created

08/10/2024

Added

08/09/2024

Modified

01/23/2025

Description

In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0000000000000000 TEID: 0000000000000803 [..] Call Trace: arch_vcpu_is_preempted+0x12/0x80 select_idle_sibling+0x42/0x560 select_task_rq_fair+0x29a/0x3b0 try_to_wake_up+0x38e/0x6e0 kick_pool+0xa4/0x198 __queue_work.part.0+0x2bc/0x3a8 call_timer_fn+0x36/0x160 __run_timers+0x1e2/0x328 __run_timer_base+0x5a/0x88 run_timer_softirq+0x40/0x78 __do_softirq+0x118/0x388 irq_exit_rcu+0xc0/0xd8 do_ext_irq+0xae/0x168 ext_int_handler+0xbe/0xf0 psw_idle_exit+0x0/0xc default_idle_call+0x3c/0x110 do_idle+0xd4/0x158 cpu_startup_entry+0x40/0x48 rest_init+0xc6/0xc8 start_kernel+0x3c4/0x5e0 startup_continue+0x3c/0x50 The crash is caused by calling arch_vcpu_is_preempted() for an offline CPU. To avoid this, select the cpu with cpumask_any_and_distribute() to mask __pod_cpumask with cpu_online_mask. In case no cpu is left in the pool, skip the assignment. tj: This doesn't fully fix the bug as CPUs can still go down between picking the target CPU and the wake call. Fixing that likely requires adding cpu_online() test to either the sched or s390 arch code. However, regardless of how that is fixed, workqueue shouldn't be picking a CPU which isn't online as that would result in unpredictable and worse behavior.

Solution(s)

• ubuntu-upgrade-linux-image-6-8-0-1008-gke
• ubuntu-upgrade-linux-image-6-8-0-1009-raspi
• ubuntu-upgrade-linux-image-6-8-0-1010-ibm
• ubuntu-upgrade-linux-image-6-8-0-1010-oem
• ubuntu-upgrade-linux-image-6-8-0-1010-oracle
• ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-6-8-0-1012-azure
• ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde
• ubuntu-upgrade-linux-image-6-8-0-1012-gcp
• ubuntu-upgrade-linux-image-6-8-0-1013-aws
• ubuntu-upgrade-linux-image-6-8-0-40-generic
• ubuntu-upgrade-linux-image-6-8-0-40-generic-64k
• ubuntu-upgrade-linux-image-6-8-0-40-lowlatency
• ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k
• ubuntu-upgrade-linux-image-aws
• ubuntu-upgrade-linux-image-azure
• ubuntu-upgrade-linux-image-azure-fde
• ubuntu-upgrade-linux-image-gcp
• ubuntu-upgrade-linux-image-generic
• ubuntu-upgrade-linux-image-generic-64k
• ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
• ubuntu-upgrade-linux-image-generic-hwe-24-04
• ubuntu-upgrade-linux-image-generic-lpae
• ubuntu-upgrade-linux-image-gke
• ubuntu-upgrade-linux-image-ibm
• ubuntu-upgrade-linux-image-ibm-classic
• ubuntu-upgrade-linux-image-ibm-lts-24-04
• ubuntu-upgrade-linux-image-kvm
• ubuntu-upgrade-linux-image-lowlatency
• ubuntu-upgrade-linux-image-lowlatency-64k
• ubuntu-upgrade-linux-image-nvidia
• ubuntu-upgrade-linux-image-nvidia-6-8
• ubuntu-upgrade-linux-image-nvidia-64k
• ubuntu-upgrade-linux-image-nvidia-64k-6-8
• ubuntu-upgrade-linux-image-nvidia-lowlatency
• ubuntu-upgrade-linux-image-nvidia-lowlatency-64k
• ubuntu-upgrade-linux-image-oem-24-04
• ubuntu-upgrade-linux-image-oem-24-04a
• ubuntu-upgrade-linux-image-oracle
• ubuntu-upgrade-linux-image-oracle-64k
• ubuntu-upgrade-linux-image-raspi
• ubuntu-upgrade-linux-image-virtual
• ubuntu-upgrade-linux-image-virtual-hwe-24-04

References

• https://attackerkb.com/topics/cve-2024-36888
• CVE - 2024-36888
• USN-6949-1
• USN-6949-2
• USN-6952-1
• USN-6952-2
• USN-6955-1