Linux Kernel CPU Hotplug Removal Vulnerability in s390 Products
CVE-2024-57849
What is CVE-2024-57849?
A vulnerability exists in the Linux kernel's handling of CPU hotplug operations within the s390 architecture. Specifically, when a CPU is hot-plugged off, the associated performance monitoring unit (PMU) deallocates sampling data buffers. However, if an event remains active on the removed CPU, the kernel's performance subsystem attempts to retrieve samples from buffers that may already have been freed. This could lead to a use-after-free scenario, potentially exposing invalid data. To mitigate this, there needs to be a check to ascertain whether the CPU remains in a reserved state. If the PMU_F_RESERVED bit is set, it indicates that the buffers are still valid; otherwise, they may be lost. Prompt application of the provided fixes is essential to ensure system integrity and performance.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Linux e3d617fe6ac7294974fc513dc5e4d8ada8080fd1 < 238e3af849dfdcb1faed544349f7025e533f9aab
Linux e3d617fe6ac7294974fc513dc5e4d8ada8080fd1 < 99192c735ed4bfdff0d215ec85c8a87a677cb898
Linux e3d617fe6ac7294974fc513dc5e4d8ada8080fd1 < 06a92f810df8037ca36157282ddcbefdcaf049b8