CVE-2024-50249
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-50249
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50249.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-50249
- Downstream
- Related
- Published
- 2024-11-09T11:15:10Z
- Modified
- 2025-07-01T16:09:31.326142Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
ACPI: CPPC: Make rmwlock a rawspin_lock
The following BUG was triggered:
============================= [ BUG: Invalid wait context ]
6.12.0-rc2-XXX #406 Not tainted
kworker/1:1/62 is trying to lock: ffffff8801593030 (&cpcptr->rmwlock){+.+.}-{3:3}, at: cpcwrite+0xcc/0x370 other info that might help us debug this: context-{5:5} 2 locks held by kworker/1:1/62: #0: ffffff897ef5ec98 (&rq->lock){-.-.}-{2:2}, at: rawspinrqlocknested+0x2c/0x50 #1: ffffff880154e238 (&sgpolicy->updatelock){....}-{2:2}, at: sugovupdateshared+0x3c/0x280 stack backtrace: CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406 Workqueue: 0x0 (events) Call trace: dumpbacktrace+0xa4/0x130 showstack+0x20/0x38 dumpstacklvl+0x90/0xd0 dumpstack+0x18/0x28 _lockacquire+0x480/0x1ad8 lockacquire+0x114/0x310 _rawspinlock+0x50/0x70 cpcwrite+0xcc/0x370 cppcsetperf+0xa0/0x3a8 cppccpufreqfastswitch+0x40/0xc0 cpufreqdriverfastswitch+0x4c/0x218 sugovupdateshared+0x234/0x280 updateloadavg+0x6ec/0x7b8 dequeueentities+0x108/0x830 dequeuetaskfair+0x58/0x408 _schedule+0x4f0/0x1070 schedule+0x54/0x130 workerthread+0xc0/0x2e8 kthread+0x130/0x148 retfrom_fork+0x10/0x20
sugovupdateshared() locks a rawspinlock while cpcwrite() locks a spinlock.
To have a correct wait-type order, update rmw_lock to a raw spinlock and ensure that interrupts will be disabled on the CPU holding it.
[ rjw: Changelog edits ]
- References
-
- https://git.kernel.org/stable/c/0eb2b767c42fac61ab23c4063eb456baa4c2c262
- https://git.kernel.org/stable/c/1c10941e34c5fdc0357e46a25bd130d9cf40b925
- https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34262e453
- https://git.kernel.org/stable/c/43b1df48d1e7000a214acd1a81b8012ca8a929c8
- https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173
- https://security-tracker.debian.org/tracker/CVE-2024-50249
Affected packages
Debian:12 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.1.119-1
Affected versions
6.*
Debian:13 / linux
Package
- Name
- linux
- Purl
- pkg:deb/debian/linux?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.11.7-1
Affected versions
6.*
Debian:11 / linux-6.1
Package
- Name
- linux-6.1
- Purl
- pkg:deb/debian/linux-6.1?arch=source