{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-26987","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-02-19T14:20:24.205Z","datePublished":"2024-05-01T05:27:34.523Z","dateUpdated":"2026-05-11T20:08:13.190Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:08:13.190Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled\n\nWhen I did hard offline test with hugetlb pages, below deadlock occurs:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-11409-gf6cef5f8c37f #1 Not tainted\n------------------------------------------------------\nbash/46904 is trying to acquire lock:\nffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60\n\nbut task is already holding lock:\nffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (pcp_batch_high_lock){+.+.}-{3:3}:\n       __mutex_lock+0x6c/0x770\n       page_alloc_cpu_online+0x3c/0x70\n       cpuhp_invoke_callback+0x397/0x5f0\n       __cpuhp_invoke_callback_range+0x71/0xe0\n       _cpu_up+0xeb/0x210\n       cpu_up+0x91/0xe0\n       cpuhp_bringup_mask+0x49/0xb0\n       bringup_nonboot_cpus+0xb7/0xe0\n       smp_init+0x25/0xa0\n       kernel_init_freeable+0x15f/0x3e0\n       kernel_init+0x15/0x1b0\n       ret_from_fork+0x2f/0x50\n       ret_from_fork_asm+0x1a/0x30\n\n-> #0 (cpu_hotplug_lock){++++}-{0:0}:\n       __lock_acquire+0x1298/0x1cd0\n       lock_acquire+0xc0/0x2b0\n       cpus_read_lock+0x2a/0xc0\n       static_key_slow_dec+0x16/0x60\n       __hugetlb_vmemmap_restore_folio+0x1b9/0x200\n       dissolve_free_huge_page+0x211/0x260\n       __page_handle_poison+0x45/0xc0\n       memory_failure+0x65e/0xc70\n       hard_offline_page_store+0x55/0xa0\n       kernfs_fop_write_iter+0x12c/0x1d0\n       vfs_write+0x387/0x550\n       ksys_write+0x64/0xe0\n       do_syscall_64+0xca/0x1e0\n       entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n       CPU0                    CPU1\n       ----                    ----\n  lock(pcp_batch_high_lock);\n                               lock(cpu_hotplug_lock);\n                               lock(pcp_batch_high_lock);\n  rlock(cpu_hotplug_lock);\n\n *** DEADLOCK ***\n\n5 locks held by bash/46904:\n #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0\n #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0\n #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0\n #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70\n #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40\n\nstack backtrace:\nCPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x68/0xa0\n check_noncircular+0x129/0x140\n __lock_acquire+0x1298/0x1cd0\n lock_acquire+0xc0/0x2b0\n cpus_read_lock+0x2a/0xc0\n static_key_slow_dec+0x16/0x60\n __hugetlb_vmemmap_restore_folio+0x1b9/0x200\n dissolve_free_huge_page+0x211/0x260\n __page_handle_poison+0x45/0xc0\n memory_failure+0x65e/0xc70\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xca/0x1e0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7fc862314887\nCode: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24\nRSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887\nRDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001\nRBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00\n\nIn short, below scene breaks the \n---truncated---"}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/memory-failure.c"],"versions":[{"version":"a6b40850c442bf996e729e1d441d3dbc37cea171","lessThan":"5ef7ba2799a3b5ed292b8f6407376e2c25ef002e","status":"affected","versionType":"git"},{"version":"a6b40850c442bf996e729e1d441d3dbc37cea171","lessThan":"882e1180c83f5b75bae03d0ccc31ccedfe5159de","status":"affected","versionType":"git"},{"version":"a6b40850c442bf996e729e1d441d3dbc37cea171","lessThan":"49955b24002dc16a0ae2e83a57a2a6c863a1845c","status":"affected","versionType":"git"},{"version":"a6b40850c442bf996e729e1d441d3dbc37cea171","lessThan":"1983184c22dd84a4d95a71e5c6775c2638557dc7","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["mm/memory-failure.c"],"versions":[{"version":"5.18","status":"affected"},{"version":"0","lessThan":"5.18","status":"unaffected","versionType":"semver"},{"version":"6.1.88","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.29","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.8","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.1.88"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.6.29"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.8.8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.18","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/5ef7ba2799a3b5ed292b8f6407376e2c25ef002e"},{"url":"https://git.kernel.org/stable/c/882e1180c83f5b75bae03d0ccc31ccedfe5159de"},{"url":"https://git.kernel.org/stable/c/49955b24002dc16a0ae2e83a57a2a6c863a1845c"},{"url":"https://git.kernel.org/stable/c/1983184c22dd84a4d95a71e5c6775c2638557dc7"}],"title":"mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-17T17:40:46.496934Z","id":"CVE-2024-26987","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-17T17:46:47.510Z"}},{"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/5ef7ba2799a3b5ed292b8f6407376e2c25ef002e","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/882e1180c83f5b75bae03d0ccc31ccedfe5159de","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/49955b24002dc16a0ae2e83a57a2a6c863a1845c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/1983184c22dd84a4d95a71e5c6775c2638557dc7","tags":["x_transferred"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T17:15:23.408Z"}}]}}