{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-36888","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-30T15:25:07.065Z","datePublished":"2024-05-30T15:28:56.214Z","dateUpdated":"2025-05-04T09:11:27.618Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T09:11:27.618Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix selection of wake_cpu in kick_pool()\n\nWith cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following\nkernel oops was observed:\n\nsmp: Bringing up secondary CPUs ...\nsmp: Brought up 1 node, 8 CPUs\nUnable to handle kernel pointer dereference in virtual kernel address space\nFailing address: 0000000000000000 TEID: 0000000000000803\n[..]\n Call Trace:\narch_vcpu_is_preempted+0x12/0x80\nselect_idle_sibling+0x42/0x560\nselect_task_rq_fair+0x29a/0x3b0\ntry_to_wake_up+0x38e/0x6e0\nkick_pool+0xa4/0x198\n__queue_work.part.0+0x2bc/0x3a8\ncall_timer_fn+0x36/0x160\n__run_timers+0x1e2/0x328\n__run_timer_base+0x5a/0x88\nrun_timer_softirq+0x40/0x78\n__do_softirq+0x118/0x388\nirq_exit_rcu+0xc0/0xd8\ndo_ext_irq+0xae/0x168\next_int_handler+0xbe/0xf0\npsw_idle_exit+0x0/0xc\ndefault_idle_call+0x3c/0x110\ndo_idle+0xd4/0x158\ncpu_startup_entry+0x40/0x48\nrest_init+0xc6/0xc8\nstart_kernel+0x3c4/0x5e0\nstartup_continue+0x3c/0x50\n\nThe crash is caused by calling arch_vcpu_is_preempted() for an offline\nCPU. To avoid this, select the cpu with cpumask_any_and_distribute()\nto mask __pod_cpumask with cpu_online_mask. In case no cpu is left in\nthe pool, skip the assignment.\n\ntj: This doesn't fully fix the bug as CPUs can still go down between picking\nthe target CPU and the wake call. Fixing that likely requires adding\ncpu_online() test to either the sched or s390 arch code. However, regardless\nof how that is fixed, workqueue shouldn't be picking a CPU which isn't\nonline as that would result in unpredictable and worse behavior."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/workqueue.c"],"versions":[{"version":"8639ecebc9b1796d7074751a350462f5e1c61cd4","lessThan":"c57824d4fe07c2131f8c48687cbd5ee2be60c767","status":"affected","versionType":"git"},{"version":"8639ecebc9b1796d7074751a350462f5e1c61cd4","lessThan":"6d559e70b3eb6623935cbe7f94c1912c1099777b","status":"affected","versionType":"git"},{"version":"8639ecebc9b1796d7074751a350462f5e1c61cd4","lessThan":"57a01eafdcf78f6da34fad9ff075ed5dfdd9f420","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["kernel/workqueue.c"],"versions":[{"version":"6.6","status":"affected"},{"version":"0","lessThan":"6.6","status":"unaffected","versionType":"semver"},{"version":"6.6.31","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.8.10","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.6.31"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.8.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.6","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c57824d4fe07c2131f8c48687cbd5ee2be60c767"},{"url":"https://git.kernel.org/stable/c/6d559e70b3eb6623935cbe7f94c1912c1099777b"},{"url":"https://git.kernel.org/stable/c/57a01eafdcf78f6da34fad9ff075ed5dfdd9f420"}],"title":"workqueue: Fix selection of wake_cpu in kick_pool()","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"CWE-476 NULL Pointer Dereference"}]}],"affected":[{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"8639ecebc9b1","status":"affected","lessThan":"c57824d4fe07","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"8639ecebc9b1","status":"affected","lessThan":"6d559e70b3eb","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"8639ecebc9b1","status":"affected","lessThan":"57a01eafdcf7","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"unaffected","lessThan":"6.6","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6.31","status":"unaffected","lessThan":"67","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.8.10","status":"unaffected","lessThan":"6.9","versionType":"custom"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.9","status":"unaffected"}]},{"vendor":"linux","product":"linux_kernel","cpes":["cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"6.6","status":"affected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.2,"attackVector":"LOCAL","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-06-03T16:08:09.861765Z","id":"CVE-2024-36888","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-06T19:30:56.460Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:43:49.849Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/c57824d4fe07c2131f8c48687cbd5ee2be60c767","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6d559e70b3eb6623935cbe7f94c1912c1099777b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/57a01eafdcf78f6da34fad9ff075ed5dfdd9f420","tags":["x_transferred"]}]}]}}