CPU State Handling Vulnerability in Linux Kernel by The Linux Foundation
CVE-2024-57951
Summary
A vulnerability exists in the Linux kernel's handling of CPU state during hotplug operations. The issue arises when a CPU transitions through hotplug states, particularly from online to unplugged and back. In that case the hrtimers_prepare_cpu() function does not run, so the hrtick is incorrectly assumed to be active, and the clockevent device can become permanently stuck in a mode that hampers its functionality. Additionally, the CPU's online state may not be properly reset, which can cause instability and leave dangling pointers. To mitigate this risk, a callback has been introduced that properly resets the CPU state and ensures consistent behavior during hotplug processes.
Affected Version(s)
Linux 54d0d83a53508d687fd4a225f8aa1f18559562d0 < 95e4f62df23f4df1ce6ef897d44b8e23c260921a
Linux 7f4c89400d2997939f6971c7981cc780a219e36b < 14984139f1f2768883332965db566ef26db609e7
Linux 6fcbcc6c8e52650749692c7613cbe71bf601670d < 15b453db41d36184cf0ccc21e7df624014ab6a1a