CVE-2024-26681

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-26681
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-26681.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-26681
Published
2024-04-02T07:01:44Z
Modified
2025-10-09T03:17:17.696167Z
Summary
netdevsim: avoid potential loop in nsim_dev_trap_report_work()
Details

In the Linux kernel, the following vulnerability has been resolved:

netdevsim: avoid potential loop in nsim_dev_trap_report_work()

Many syzbot reports include the following trace [1]

If nsim_dev_trap_report_work() cannot grab the mutex, it should rearm itself at least one jiffie later.

[1]
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 32383 Comm: kworker/0:2 Not tainted 6.8.0-rc2-syzkaller-00031-g861c0981648f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:89 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x101/0x190 mm/kasan/generic.c:189
Code: 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00 7c 0b 44 89 c2 e8 21 ed ff ff 83 f0 01 5b 5d 41 5c c3 48 85 d2 74 4f 48 01 ea eb 09 <48> 83 c0 01 48 39 d0 74 41 80 38 00 74 f2 eb b6 41 bc 08 00 00 00
RSP: 0018:ffffc90012dcf998 EFLAGS: 00000046
RAX: fffffbfff258af1e RBX: fffffbfff258af1f RCX: ffffffff8168eda3
RDX: fffffbfff258af1f RSI: 0000000000000004 RDI: ffffffff92c578f0
RBP: fffffbfff258af1e R08: 0000000000000000 R09: fffffbfff258af1e
R10: ffffffff92c578f3 R11: ffffffff8acbcbc0 R12: 0000000000000002
R13: ffff88806db38400 R14: 1ffff920025b9f42 R15: ffffffff92c578e8
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00994e078 CR3: 000000002c250000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <NMI>
 </NMI>
 <TASK>
  instrument_atomic_read include/linux/instrumented.h:68 [inline]
  atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
  queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline]
  debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline]
  do_raw_spin_unlock+0x53/0x230 kernel/locking/spinlock_debug.c:141
  __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline]
  _raw_spin_unlock_irqrestore+0x22/0x70 kernel/locking/spinlock.c:194
  debug_object_activate+0x349/0x540 lib/debugobjects.c:726
  debug_work_activate kernel/workqueue.c:578 [inline]
  insert_work+0x30/0x230 kernel/workqueue.c:1650
  __queue_work+0x62e/0x11d0 kernel/workqueue.c:1802
  __queue_delayed_work+0x1bf/0x270 kernel/workqueue.c:1953
  queue_delayed_work_on+0x106/0x130 kernel/workqueue.c:1989
  queue_delayed_work include/linux/workqueue.h:563 [inline]
  schedule_delayed_work include/linux/workqueue.h:677 [inline]
  nsim_dev_trap_report_work+0x9c0/0xc80 drivers/net/netdevsim/dev.c:842
  process_one_work+0x886/0x15d0 kernel/workqueue.c:2633
  process_scheduled_works kernel/workqueue.c:2706 [inline]
  worker_thread+0x8b9/0x1290 kernel/workqueue.c:2787
  kthread+0x2c6/0x3a0 kernel/kthread.c:388
  ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
  ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
 </TASK>

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
012ec02ae4410207f796a9b280a60b80b6cc790a
Fixed
0193e0660cc6689c794794b471492923cfd7bfbc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
012ec02ae4410207f796a9b280a60b80b6cc790a
Fixed
6eecddd9c3c8d6e3a097531cdc6d500335b35e46
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
012ec02ae4410207f796a9b280a60b80b6cc790a
Fixed
d91964cdada76740811b7c621239f9c407820dbc
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
012ec02ae4410207f796a9b280a60b80b6cc790a
Fixed
ba5e1272142d051dcc57ca1d3225ad8a089f9858

Affected versions

v5.*

v5.19
v5.19-rc7
v5.19-rc8

v6.*

v6.0
v6.0-rc1
v6.0-rc2
v6.0-rc3
v6.0-rc4
v6.0-rc5
v6.0-rc6
v6.0-rc7
v6.1
v6.1-rc1
v6.1-rc2
v6.1-rc3
v6.1-rc4
v6.1-rc5
v6.1-rc6
v6.1-rc7
v6.1-rc8
v6.1.1
v6.1.10
v6.1.11
v6.1.12
v6.1.13
v6.1.14
v6.1.15
v6.1.16
v6.1.17
v6.1.18
v6.1.19
v6.1.2
v6.1.20
v6.1.21
v6.1.22
v6.1.23
v6.1.24
v6.1.25
v6.1.26
v6.1.27
v6.1.28
v6.1.29
v6.1.3
v6.1.30
v6.1.31
v6.1.32
v6.1.33
v6.1.34
v6.1.35
v6.1.36
v6.1.37
v6.1.38
v6.1.39
v6.1.4
v6.1.40
v6.1.41
v6.1.42
v6.1.43
v6.1.44
v6.1.45
v6.1.46
v6.1.47
v6.1.48
v6.1.49
v6.1.5
v6.1.50
v6.1.51
v6.1.52
v6.1.53
v6.1.54
v6.1.55
v6.1.56
v6.1.57
v6.1.58
v6.1.59
v6.1.6
v6.1.60
v6.1.61
v6.1.62
v6.1.63
v6.1.64
v6.1.65
v6.1.66
v6.1.67
v6.1.68
v6.1.69
v6.1.7
v6.1.70
v6.1.71
v6.1.72
v6.1.73
v6.1.74
v6.1.75
v6.1.76
v6.1.77
v6.1.8
v6.1.9
v6.2
v6.2-rc1
v6.2-rc2
v6.2-rc3
v6.2-rc4
v6.2-rc5
v6.2-rc6
v6.2-rc7
v6.2-rc8
v6.3
v6.3-rc1
v6.3-rc2
v6.3-rc3
v6.3-rc4
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.2
v6.6.3
v6.6.4
v6.6.5
v6.6.6
v6.6.7
v6.6.8
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.7.1
v6.7.2
v6.7.3
v6.7.4
v6.8-rc1
v6.8-rc2

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.0.0
Fixed
6.1.78
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.17
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.7.5