CVE-2024-26987
Published 2024-05-01
Priority P278 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.18% (7.2th percentile)
In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
When I did hard offline test with hugetlb pages, below deadlock occurs:
```
WARNING: possible circular locking dependency detected
6.8.0-11409-gf6cef5f8c37f #1 Not tainted
bash/46904 is trying to acquire lock:
ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60
but task is already holding lock:
ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40
which lock already depends on the new lock.
the existing dependency chain (in reverse order) is:
-> #1 (pcp_batch_high_lock){+.+.}-{3:3}:
       __mutex_lock+0x6c/0x770
       page_alloc_cpu_online+0x3c/0x70
       cpuhp_invoke_callback+0x397/0x5f0
       __cpuhp_invoke_callback_range+0x71/0xe0
       _cpu_up+0xeb/0x210
       cpu_up+0x91/0xe0
       cpuhp_bringup_mask+0x49/0xb0
       bringup_nonboot_cpus+0xb7/0xe0
       smp_init+0x25/0xa0
       kernel_init_freeable+0x15f/0x3e0
       kernel_init+0x15/0x1b0
       ret_from_fork+0x2f/0x50
       ret_from_fork_asm+0x1a/0x30
-> #0 (cpu_hotplug_lock){++++}-{0:0}:
       __lock_acquire+0x1298/0x1cd0
       lock_acquire+0xc0/0x2b0
       cpus_read_lock+0x2a/0xc0
       static_key_slow_dec+0x16/0x60
       __hugetlb_vmemmap_restore_folio+0x1b9/0x200
       dissolve_free_huge_page+0x211/0x260
       __page_handle_poison+0x45/0xc0
       memory_failure+0x65e/0xc70
       hard_offline_page_store+0x55/0xa0
       kernfs_fop_write_iter+0x12c/0x1d0
       vfs_write+0x387/0x550
       ksys_write+0x64/0xe0
       do_syscall_64+0xca/0x1e0
       entry_SYSCALL_64_after_hwframe+0x6d/0x75
other info that might help us debug this:
Possible unsafe locking scenario:
       CPU0                    CPU1
       ----                    ----
  lock(pcp_batch_high_lock);
                               lock(cpu_hotplug_lock);
                               lock(pcp_batch_high_lock);
  rlock(cpu_hotplug_lock);

 *** DEADLOCK ***
5 locks held by bash/46904:
 #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0
 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0
 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1
```
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 6.1.90-1 (bookworm) | linux 6.1.90-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| linux | linux | — | — |
| linux | linux | >= a6b40850c442bf996e729e1d441d3dbc37cea171 < 5ef7ba2799a3b5ed292b8f6407376e2c25ef002e | 5ef7ba2799a3b5ed292b8f6407376e2c25ef002e |
| linux | linux | >= a6b40850c442bf996e729e1d441d3dbc37cea171 < 882e1180c83f5b75bae03d0ccc31ccedfe5159de | 882e1180c83f5b75bae03d0ccc31ccedfe5159de |
| linux | linux | >= a6b40850c442bf996e729e1d441d3dbc37cea171 < 49955b24002dc16a0ae2e83a57a2a6c863a1845c | 49955b24002dc16a0ae2e83a57a2a6c863a1845c |
| linux | linux | >= a6b40850c442bf996e729e1d441d3dbc37cea171 < 1983184c22dd84a4d95a71e5c6775c2638557dc7 | 1983184c22dd84a4d95a71e5c6775c2638557dc7 |
| linux | linux_kernel | — | — |
| linux | linux_kernel | >= 0 < 6.1.90-1 | 6.1.90-1 |
| linux | linux_kernel | >= 0 < 6.8.9-1 | 6.8.9-1 |
| linux | linux_kernel | >= 0 < 6.8.9-1 | 6.8.9-1 |
| linux | linux_kernel | >= 0 < 6.8.0-38.38 | 6.8.0-38.38 |
| linux | linux_kernel | >= 5.18 < 6.1.88 | 6.1.88 |
| linux | linux_kernel | >= 6.2 < 6.6.29 | 6.6.29 |
| linux | linux_kernel | >= 6.7 < 6.8.8 | 6.8.8 |
| msrc | azl3_hyperv-daemons_6.6.22.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_hyperv-daemons_6.6.35.1-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.22.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_kernel_6.6.35.1-5_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
Detection & IOCs (extracted from sources)
- Deadlock condition is triggered via the hard_offline_page_store sysfs write path when hugetlb_optimize_vmemmap is enabled; monitor for kernel WARNING messages indicating circular locking dependency between pcp_batch_high_lock and cpu_hotplug_lock
- The deadlock call chain to watch for in kernel stack traces: hard_offline_page_store -> memory_failure -> __page_handle_poison -> dissolve_free_huge_page -> __hugetlb_vmemmap_restore_folio -> static_key_slow_dec -> cpus_read_lock (acquiring cpu_hotplug_lock while pcp_batch_high_lock is held)
- Look for kernel crash/hang events with 5 locks held by a process (sb_writers, of->mutex, kn->active, mf_mutex, pcp_batch_high_lock) as a signature of this deadlock scenario
- Vulnerability only manifests when the hugetlb_optimize_vmemmap kernel feature is enabled; systems without this feature active are not affected by this deadlock
- Red Hat Enterprise Linux 8 is not affected; RHEL 9 kernel-rt is affected and addressed via RHSA-2024:9315
- Debian fixed versions: bookworm fixed in 6.1.90-1, forky/sid/trixie fixed in 6.8.9-1; systems running kernel versions prior to these are vulnerable when hugetlb_optimize_vmemmap is active
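A log check for the signature in the bullets above, as an added example (not code from the advisory, the kernel project, or any vendor). It splits a kernel log into lockdep reports and flags those where cpu_hotplug_lock is requested while pcp_batch_high_lock is held and the listed call chain appears in order. The function names, the dmesg timestamp format, and the sample log built by `sample_report` are assumptions made for the example.

```python
import re

# Call chain from the page, innermost frame first (stack-trace order).
CHAIN = ["cpus_read_lock", "static_key_slow_dec",
         "__hugetlb_vmemmap_restore_folio", "dissolve_free_huge_page",
         "__page_handle_poison", "memory_failure", "hard_offline_page_store"]
REPORT_START = "WARNING: possible circular locking dependency detected"
TS_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s*")      # dmesg "[   99.000000] "
LOCK_LINE = re.compile(r"^[0-9a-f]+ \(([^)]+)\)")    # "ffff... (lock_name){..}"
FRAME = re.compile(r"^([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def split_reports(log_text):
    """Split a kernel log into lockdep circular-dependency reports."""
    reports = []
    for raw in log_text.splitlines():
        line = TS_PREFIX.sub("", raw).strip()
        if REPORT_START in line:
            reports.append([])
        elif reports:
            reports[-1].append(line)
    return reports

def parse_report(lines):
    """Return (lock being acquired, lock already held, frame names)."""
    wanted = held = None
    frames = []
    for prev, line in zip([""] + lines, lines):
        lock, frame = LOCK_LINE.match(line), FRAME.match(line)
        if lock and prev.endswith("is trying to acquire lock:"):
            wanted = lock.group(1)
        elif lock and prev.endswith("task is already holding lock:"):
            held = lock.group(1)
        elif frame:
            frames.append(frame.group(1))
    return wanted, held, frames

def find_deadlock_reports(log_text):
    """Indexes of reports matching the CVE-2024-26987 signature."""
    hits = []
    for i, rep in enumerate(split_reports(log_text)):
        wanted, held, frames = parse_report(rep)
        seen = iter(frames)  # consumed left to right, so order is enforced
        if (wanted == "cpu_hotplug_lock" and held == "pcp_batch_high_lock"
                and all(any(f == c for f in seen) for c in CHAIN)):
            hits.append(i)
    return hits

def sample_report(ts, wanted, held, frames):
    """Build a constructed lockdep report with dmesg-style timestamps."""
    head = [REPORT_START, "bash/46904 is trying to acquire lock:",
            f"ffffffffabe68910 ({wanted}){{++++}}-{{0:0}}, at: fn+0x16/0x60",
            "but task is already holding lock:",
            f"ffffffffabf92ea8 ({held}){{+.+.}}-{{3:3}}, at: fn+0x16/0x40"]
    body = [f"{name}+0x10/0x100" for name in frames]
    return "\n".join(f"[{ts:12.6f}] {line}" for line in head + body)

# Constructed sample: report 0 uses made-up names, report 1 follows the page.
SAMPLE_LOG = "\n".join([
    sample_report(10.0, "demo_lock_a", "demo_lock_b", ["demo_fn"]),
    sample_report(99.0, "cpu_hotplug_lock", "pcp_batch_high_lock", CHAIN)])
```

Lockdep reports are only emitted by kernels built with lock debugging (CONFIG_PROVE_LOCKING), so on production kernels the hang itself, not this warning, is the observable symptom.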
CVSS provenance
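| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 6.8 | MEDIUM | — |
| vulncheck | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 5.5 | MEDIUM | — |
| vendor_msrc | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |
| vendor_ubuntu | — | 4.6 | MEDIUM | — |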
OSV
linux-oracle vulnerabilities
osv·2024-07-26
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Cryptographic API;
- Buffer Sharing and Synchronization framew
OSV
linux-aws vulnerabilities
osv·2024-07-23·CVSS 6.8
CVE-2024-24857 [MEDIUM] linux-aws vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Cryptographic AP
OSV
linux-gke, linux-nvidia vulnerabilities
osv·2024-07-16·CVSS 6.8
CVE-2024-24857 [MEDIUM] linux-gke, linux-nvidia vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Cr
OSV
linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities
osv·2024-07-11·CVSS 6.8
CVE-2024-24857 [MEDIUM] linux, linux-azure, linux-gcp, linux-ibm, linux-intel, linux-lowlatency, linux-oem-6.8, linux-raspi vulnerabilities
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
-
OSV
CVE-2024-26987: In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I di
osv·2024-05-01·CVSS 5.5
CVE-2024-26987 [MEDIUM] CVE-2024-26987: In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I di
GHSA
GHSA-vh5c-fh26-4h3r: In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
When I
ghsa_unreviewed·2024-05-01
CVE-2024-26987 [MEDIUM] CWE-667 GHSA-vh5c-fh26-4h3r: In the Linux kernel, the following vulnerability has been resolved:
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
When I
VulnCheck
Linux Kernel Improper Locking
vulncheck·2024·CVSS 5.5
CVE-2024-26987 [MEDIUM] Linux Kernel Improper Locking
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-07-26
CVE-2024-35929 Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framework and drivers;
- Data acquisition framework and
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-07-23·CVSS 4.6
CVE-2024-35967 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framewo
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-07-16·CVSS 4.6
CVE-2024-35946 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framewo
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2024-07-11·CVSS 4.6
CVE-2024-35977 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the Linux kernel.
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel when modifying certain settings values through debugfs.
A privileged local attacker could use this to cause a denial of service.
(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- Block layer subsystem;
- Compute Acceleration Framework;
- Accessibility subsystem;
- Android drivers;
- Drivers core;
- Bluetooth drivers;
- Clock framewo
Microsoft
mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
vendor_msrc·2024-05-14·CVSS 5.5
CVE-2024-26987 [MEDIUM] CWE-667 mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Referen
Red Hat
kernel: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
vendor_redhat·2024-05-01·CVSS 5.5
CVE-2024-26987 [MEDIUM] kernel: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
Debian
CVE-2024-26987: linux - In the Linux kernel, the following vulnerability has been resolved: mm/memory-f...
vendor_debian·2024·CVSS 5.5
CVE-2024-26987 [MEDIUM] CVE-2024-26987: linux - In the Linux kernel, the following vulnerability has been resolved: mm/memory-f...
No detection rules found.
No public exploits indexed.
- https://git.kernel.org/stable/c/1983184c22dd84a4d95a71e5c6775c2638557dc7
- https://git.kernel.org/stable/c/49955b24002dc16a0ae2e83a57a2a6c863a1845c
- https://git.kernel.org/stable/c/5ef7ba2799a3b5ed292b8f6407376e2c25ef002e
- https://git.kernel.org/stable/c/882e1180c83f5b75bae03d0ccc31ccedfe5159de
- https://lists.fedoraproject.org/archives/list/[email protected]/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/