CVE-2024-36908
- Source
- https://cve.org/CVERecord?id=CVE-2024-36908
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36908.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-36908
- Downstream
- Related
- Published
- 2024-05-30T15:29:07.773Z
- Modified
- 2026-03-20T12:36:51.435370Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- blk-iocost: do not WARN if iocg was already offlined
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
blk-iocost: do not WARN if iocg was already offlined
In iocgpaydebt(), warn is triggered if 'activelist' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk removal, if iocgwaitqtimerfn() is run at that time:
WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocgpaydebt+0x14c/0x190 Call trace: iocgpaydebt+0x14c/0x190 iocgkickwaitq+0x438/0x4c0 iocgwaitqtimer_fn+0xd8/0x130 __run_hrtimer+0x144/0x45c _hrtimerrunqueues+0x16c/0x244 hrtimerinterrupt+0x2cc/0x7b0
The warn in this situation is meaningless. Since this iocg is being removed, the state of the 'activelist' is irrelevant, and 'waitqtimer' is canceled after removing 'activelist' in iocpdfree(), which ensures iocg is freed after iocgwaitqtimerfn() returns.
Therefore, add the check if iocg was already offlined to avoid warn when removing a blkcg or disk.
- Database specific
{ "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36908.json", "cna_assigner": "Linux" }- References
-
- https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6
- https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e
- https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67
- https://git.kernel.org/stable/c/56a9d07f427378eeb75b917bb49c6fbea8204126
- https://git.kernel.org/stable/c/7d215e013d097ed6fc4b0ad0272c9514214dc408
- https://git.kernel.org/stable/c/aed0aac18f039dd4af13c143063754efca358cb0
- https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
- https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36908.json
- https://nvd.nist.gov/vuln/detail/CVE-2024-36908
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced7caa47151ab2e644dd221f741ec7578d9532c9a3Fixed56a9d07f427378eeb75b917bb49c6fbea8204126Fixed7d215e013d097ed6fc4b0ad0272c9514214dc408Fixedaed0aac18f039dd4af13c143063754efca358cb0Fixed1c172ac7afe4442964f4153b2c78fe4e005d9d67Fixed14b3275f93d4a0d8ddc02195bc4e9869b7a3700eFixed01bc4fda9ea0a6b52f12326486f07a4910666cf6