CVE-2024-26841: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Update cpu_sibling_map when disabling nonboot CPUs by defining & calling clear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative count! WARNING: CPU: 6 PID: 45 at kernel/jump_label.c:263 __static_key_slow_dec_cpuslocked+0xec/0x100 CPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340 pc 90000000004c302c ra 90000000004c302c tp 90000001005bc000 sp 90000001005bfd20 a0 000000000000001b a1 900000000224c278 a2 90000001005bfb58 a3 900000000224c280 a4 900000000224c278 a5 90000001005bfb50 a6 0000000000000001 a7 0000000000000001 t0 ce87a4763eb5234a t1 ce87a4763eb5234a t2 0000000000000000 t3 0000000000000000 t4 0000000000000006 t5 0000000000000000 t6 0000000000000064 t7 0000000000001964 t8 000000000009ebf6 u0 9000000001f2a068 s9 0000000000000000 s0 900000000246a2d8 s1 ffffffffffffffff s2 ffffffffffffffff s3 90000000021518c0 s4 0000000000000040 s5 9000000002151058 s6 9000000009828e40 s7 00000000000000b4 s8 0000000000000006 ra: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100 ERA: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000004 (PPLV0 +PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071c1c (LIE=2-4,10-12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0) PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV) CPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340 Stack : 0000000000000000 900000000203f258 900000000179afc8 90000001005bc000 90000001005bf980 0000000000000000 90000001005bf988 9000000001fe0be0 900000000224c280 900000000224c278 90000001005bf8c0 0000000000000001 0000000000000001 ce87a4763eb5234a 0000000007f38000 90000001003f8cc0 0000000000000000 0000000000000006 0000000000000000 4c206e6f73676e6f 6f4c203a656d616e 000000000009ec99 0000000007f38000 0000000000000000 900000000214b000 9000000001fe0be0 0000000000000004 0000000000000000 0000000000000107 0000000000000009 ffffffffffafdabe 00000000000000b4 0000000000000006 90000000004c302c 9000000000224528 00005555939a0c7c 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c ... Call Trace: [<9000000000224528>] show_stack+0x48/0x1a0 [<900000000179afc8>] dump_stack_lvl+0x78/0xa0 [<9000000000263ed0>] __warn+0x90/0x1a0 [<90000000017419b8>] report_bug+0x1b8/0x280 [<900000000179c564>] do_bp+0x264/0x420 [<90000000004c302c>] __static_key_slow_dec_cpuslocked+0xec/0x100 [<90000000002b4d7c>] sched_cpu_deactivate+0x2fc/0x300 [<9000000000266498>] cpuhp_invoke_callback+0x178/0x8a0 [<9000000000267f70>] cpuhp_thread_fun+0xf0/0x240 [<90000000002a117c>] smpboot_thread_fn+0x1dc/0x2e0 [<900000000029a720>] kthread+0x140/0x160 [<9000000000222288>] ret_from_kernel_thread+0xc/0xa4
AI Analysis
Technical Summary
CVE-2024-26841 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture, which is a CPU architecture developed primarily in China. The issue arises from improper handling of the cpu_sibling_map when disabling non-boot CPUs in symmetric multithreading (SMT) systems. The vulnerability is due to the failure to properly clear the cpu_sibling_map by defining and calling the clear_cpu_sibling_map() function during CPU deactivation. This leads to kernel warnings and errors such as "jump label: negative count!" and CPU warnings during the CPU hotplug process. The error trace indicates a problem in the __static_key_slow_dec_cpuslocked function, which is involved in managing static keys used for performance optimizations in the kernel. The problem manifests when CPUs are disabled, causing inconsistencies in the CPU sibling map, which is critical for managing CPU topology and scheduling. The vulnerability is specific to the LoongArch CPU architecture and Linux kernel versions around 6.8.0-rc5+. Although the vulnerability does not appear to have a known exploit in the wild, it can cause system instability or kernel panics on affected systems, particularly those using SMT and CPU hotplug features. The root cause is a missing call to clear_cpu_sibling_map() during CPU deactivation, which leads to corrupted CPU topology data structures and subsequent kernel warnings or crashes.
Potential Impact
For European organizations, the impact of CVE-2024-26841 is primarily related to system stability and availability on servers or devices running Linux on LoongArch architecture CPUs. While LoongArch is not widely deployed in Europe compared to x86 or ARM architectures, organizations using specialized hardware or embedded systems with LoongArch CPUs could experience kernel panics or degraded performance due to this vulnerability. This could affect critical infrastructure, research institutions, or companies involved in hardware development or testing that utilize LoongArch-based systems. The vulnerability could lead to denial of service conditions if CPUs are dynamically disabled or hotplugged, impacting high-availability environments. However, since there is no evidence of remote code execution or privilege escalation, the confidentiality and integrity impacts are limited. The main risk is operational disruption and potential downtime in affected systems, which could have cascading effects in environments relying on continuous uptime.
Mitigation Recommendations
To mitigate CVE-2024-26841, European organizations should: 1) Apply the official Linux kernel patches that address this issue by ensuring the clear_cpu_sibling_map() function is properly called during CPU deactivation on LoongArch systems. 2) Avoid disabling non-boot CPUs dynamically on affected kernel versions until patches are applied, especially in production environments. 3) Monitor kernel logs for warnings related to "jump label: negative count!" or CPU hotplug errors to detect potential exploitation or system instability. 4) For organizations using custom or embedded Linux distributions on LoongArch, coordinate with vendors or maintainers to integrate the fix promptly. 5) Implement rigorous testing of kernel updates in staging environments that replicate production SMT configurations to prevent unexpected downtime. 6) Maintain updated inventories of hardware architectures in use to identify any LoongArch deployments and prioritize patching accordingly. 7) Consider disabling SMT or CPU hotplug features temporarily if feasible, as a short-term workaround to reduce exposure until patches are deployed.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
CVE-2024-26841: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Update cpu_sibling_map when disabling nonboot CPUs Update cpu_sibling_map when disabling nonboot CPUs by defining & calling clear_cpu_sibling_map(), otherwise we get such errors on SMT systems: jump label: negative count! WARNING: CPU: 6 PID: 45 at kernel/jump_label.c:263 __static_key_slow_dec_cpuslocked+0xec/0x100 CPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340 pc 90000000004c302c ra 90000000004c302c tp 90000001005bc000 sp 90000001005bfd20 a0 000000000000001b a1 900000000224c278 a2 90000001005bfb58 a3 900000000224c280 a4 900000000224c278 a5 90000001005bfb50 a6 0000000000000001 a7 0000000000000001 t0 ce87a4763eb5234a t1 ce87a4763eb5234a t2 0000000000000000 t3 0000000000000000 t4 0000000000000006 t5 0000000000000000 t6 0000000000000064 t7 0000000000001964 t8 000000000009ebf6 u0 9000000001f2a068 s9 0000000000000000 s0 900000000246a2d8 s1 ffffffffffffffff s2 ffffffffffffffff s3 90000000021518c0 s4 0000000000000040 s5 9000000002151058 s6 9000000009828e40 s7 00000000000000b4 s8 0000000000000006 ra: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100 ERA: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 00000004 (PPLV0 +PIE -PWE) EUEN: 00000000 (-FPE -SXE -ASXE -BTE) ECFG: 00071c1c (LIE=2-4,10-12 VS=7) ESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0) PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV) CPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340 Stack : 0000000000000000 900000000203f258 900000000179afc8 90000001005bc000 90000001005bf980 0000000000000000 90000001005bf988 9000000001fe0be0 900000000224c280 900000000224c278 90000001005bf8c0 0000000000000001 0000000000000001 ce87a4763eb5234a 0000000007f38000 90000001003f8cc0 0000000000000000 0000000000000006 0000000000000000 4c206e6f73676e6f 6f4c203a656d616e 000000000009ec99 0000000007f38000 0000000000000000 900000000214b000 9000000001fe0be0 0000000000000004 0000000000000000 0000000000000107 0000000000000009 ffffffffffafdabe 00000000000000b4 0000000000000006 90000000004c302c 9000000000224528 00005555939a0c7c 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c ... Call Trace: [<9000000000224528>] show_stack+0x48/0x1a0 [<900000000179afc8>] dump_stack_lvl+0x78/0xa0 [<9000000000263ed0>] __warn+0x90/0x1a0 [<90000000017419b8>] report_bug+0x1b8/0x280 [<900000000179c564>] do_bp+0x264/0x420 [<90000000004c302c>] __static_key_slow_dec_cpuslocked+0xec/0x100 [<90000000002b4d7c>] sched_cpu_deactivate+0x2fc/0x300 [<9000000000266498>] cpuhp_invoke_callback+0x178/0x8a0 [<9000000000267f70>] cpuhp_thread_fun+0xf0/0x240 [<90000000002a117c>] smpboot_thread_fn+0x1dc/0x2e0 [<900000000029a720>] kthread+0x140/0x160 [<9000000000222288>] ret_from_kernel_thread+0xc/0xa4
AI-Powered Analysis
Technical Analysis
CVE-2024-26841 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture, which is a CPU architecture developed primarily in China. The issue arises from improper handling of the cpu_sibling_map when disabling non-boot CPUs in symmetric multithreading (SMT) systems. The vulnerability is due to the failure to properly clear the cpu_sibling_map by defining and calling the clear_cpu_sibling_map() function during CPU deactivation. This leads to kernel warnings and errors such as "jump label: negative count!" and CPU warnings during the CPU hotplug process. The error trace indicates a problem in the __static_key_slow_dec_cpuslocked function, which is involved in managing static keys used for performance optimizations in the kernel. The problem manifests when CPUs are disabled, causing inconsistencies in the CPU sibling map, which is critical for managing CPU topology and scheduling. The vulnerability is specific to the LoongArch CPU architecture and Linux kernel versions around 6.8.0-rc5+. Although the vulnerability does not appear to have a known exploit in the wild, it can cause system instability or kernel panics on affected systems, particularly those using SMT and CPU hotplug features. The root cause is a missing call to clear_cpu_sibling_map() during CPU deactivation, which leads to corrupted CPU topology data structures and subsequent kernel warnings or crashes.
Potential Impact
For European organizations, the impact of CVE-2024-26841 is primarily related to system stability and availability on servers or devices running Linux on LoongArch architecture CPUs. While LoongArch is not widely deployed in Europe compared to x86 or ARM architectures, organizations using specialized hardware or embedded systems with LoongArch CPUs could experience kernel panics or degraded performance due to this vulnerability. This could affect critical infrastructure, research institutions, or companies involved in hardware development or testing that utilize LoongArch-based systems. The vulnerability could lead to denial of service conditions if CPUs are dynamically disabled or hotplugged, impacting high-availability environments. However, since there is no evidence of remote code execution or privilege escalation, the confidentiality and integrity impacts are limited. The main risk is operational disruption and potential downtime in affected systems, which could have cascading effects in environments relying on continuous uptime.
Mitigation Recommendations
To mitigate CVE-2024-26841, European organizations should: 1) Apply the official Linux kernel patches that address this issue by ensuring the clear_cpu_sibling_map() function is properly called during CPU deactivation on LoongArch systems. 2) Avoid disabling non-boot CPUs dynamically on affected kernel versions until patches are applied, especially in production environments. 3) Monitor kernel logs for warnings related to "jump label: negative count!" or CPU hotplug errors to detect potential exploitation or system instability. 4) For organizations using custom or embedded Linux distributions on LoongArch, coordinate with vendors or maintainers to integrate the fix promptly. 5) Implement rigorous testing of kernel updates in staging environments that replicate production SMT configurations to prevent unexpected downtime. 6) Maintain updated inventories of hardware architectures in use to identify any LoongArch deployments and prioritize patching accordingly. 7) Consider disabling SMT or CPU hotplug features temporarily if feasible, as a short-term workaround to reduce exposure until patches are deployed.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.182Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982bc4522896dcbe3d55
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:24:56 PM
Last updated: 8/13/2025, 6:48:34 AM
Views: 12
Related Threats
CVE-2025-41242: Vulnerability in VMware Spring Framework
MediumCVE-2025-47206: CWE-787 in QNAP Systems Inc. File Station 5
HighCVE-2025-5296: CWE-59 Improper Link Resolution Before File Access ('Link Following') in Schneider Electric SESU
HighCVE-2025-6625: CWE-20 Improper Input Validation in Schneider Electric Modicon M340
HighCVE-2025-57703: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Delta Electronics DIAEnergie
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.