CVE-2024-26873: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: [ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds. [ 4613.666297] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208 [ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas] [ 4613.691518] Call trace: [ 4613.694678] __switch_to+0xf8/0x17c [ 4613.698872] __schedule+0x660/0xee0 [ 4613.703063] schedule+0xac/0x240 [ 4613.706994] schedule_timeout+0x500/0x610 [ 4613.711705] __down+0x128/0x36c [ 4613.715548] down+0x240/0x2d0 [ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main] [ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas] [ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas] [ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main] [ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main] [ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas] [ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas] [ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas] [ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas] [ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas] [ 4613.784716] process_one_work+0x248/0x950 [ 4613.789424] worker_thread+0x318/0x934 [ 4613.793878] kthread+0x190/0x200 [ 4613.797810] ret_from_fork+0x10/0x18 [ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds. [ 4613.816026] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208 [ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main] [ 4613.841491] Call trace: [ 4613.844647] __switch_to+0xf8/0x17c [ 4613.848852] __schedule+0x660/0xee0 [ 4613.853052] schedule+0xac/0x240 [ 4613.856984] schedule_timeout+0x500/0x610 [ 4613.861695] __down+0x128/0x36c [ 4613.865542] down+0x240/0x2d0 [ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main] [ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main] [ 4613.883019] process_one_work+0x248/0x950 [ 4613.887732] worker_thread+0x318/0x934 [ 4613.892204] kthread+0x190/0x200 [ 4613.896118] ret_from_fork+0x10/0x18 [ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds. [ 4613.914341] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208 [ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas] [ 4613.939549] Call trace: [ 4613.942702] __switch_to+0xf8/0x17c [ 4613.946892] __schedule+0x660/0xee0 [ 4613.951083] schedule+0xac/0x240 [ 4613.955015] schedule_timeout+0x500/0x610 [ 4613.959725] wait_for_common+0x200/0x610 [ 4613.964349] wait_for_completion+0x3c/0x5c [ 4613.969146] flush_workqueue+0x198/0x790 [ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas] [ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas] [ 4613.985708] process_one_work+0x248/0x950 [ 4613.990420] worker_thread+0x318/0x934 [ 4613.994868] kthread+0x190/0x200 [ 4613.998800] ret_from_fork+0x10/0x18 This is because when the device goes offline, we obtain the hisi_hba semaphore and send the ABORT_DEV command to the device. However, the internal abort timed out due to the 2 bit ECC error and triggers automatic dump. In addition, since the hisi_hba semaphore has been obtained, the dump cannot be executed and the controller cannot be reset. Therefore, the deadlocks occur on the following circular dependencies ---truncated---
AI Analysis
Technical Summary
CVE-2024-26873 is a vulnerability identified in the Linux kernel specifically affecting the hisi_sas driver, which manages SAS (Serial Attached SCSI) devices on hardware using Huawei's HiSilicon SAS controllers. The issue arises from a deadlock condition triggered when a disabling PHY command is issued to a device, causing it to go offline. Concurrently, if a 2-bit ECC (Error Correcting Code) error occurs, the kernel's workqueue threads responsible for handling SAS device aborts and resets become blocked indefinitely. The root cause is a circular dependency involving the acquisition of the hisi_hba semaphore and the triggering of an automatic dump process. When the device goes offline, the driver obtains the hisi_hba semaphore and sends an ABORT_DEV command to the device. However, due to the ECC error, the internal abort times out and attempts to trigger an automatic dump. Since the semaphore is already held, the dump cannot proceed, preventing the controller reset and causing the kernel worker threads to hang. This results in hung tasks that block for more than 120 seconds, as evidenced by kernel log messages. The deadlock impacts the availability of the affected SAS devices and potentially the entire system relying on these storage controllers. Although no known exploits are reported in the wild, the vulnerability can cause system instability or denial of service on affected Linux systems using the hisi_sas driver. The affected versions are specific Linux kernel commits identified by their hashes, indicating that the issue is present in recent kernel versions prior to the patch. No CVSS score has been assigned yet, but the technical details and kernel logs provide insight into the severity and impact of the flaw.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or enterprise storage solutions running Linux on hardware with HiSilicon SAS controllers, this vulnerability poses a risk of system hangs and denial of service. The deadlock can cause critical storage devices to become unresponsive, potentially leading to application outages, data unavailability, and operational disruptions. Industries relying heavily on high-availability storage, such as finance, telecommunications, healthcare, and government, may experience significant impact if their Linux servers are affected. The inability to reset the controller or recover from the error without manual intervention could increase downtime and complicate incident response. While confidentiality and integrity impacts are not directly indicated, the availability impact is high. Additionally, the complexity of the issue means that recovery might require system reboots or hardware resets, increasing operational costs and risks. European organizations using custom or vendor Linux distributions that include the hisi_sas driver should assess their exposure carefully.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this deadlock issue in the hisi_sas driver as soon as they become available. Monitor Linux kernel mailing lists and vendor advisories for updates. 2. Identify and inventory all Linux systems using HiSilicon SAS controllers and the hisi_sas driver. 3. Where patching is not immediately possible, consider isolating affected systems from critical workloads or implementing redundancy to mitigate potential downtime. 4. Monitor kernel logs for hung task warnings related to kworker threads and SAS devices to detect early signs of this issue. 5. Implement proactive hardware error monitoring to detect ECC errors on SAS devices, enabling preemptive maintenance or failover. 6. Coordinate with hardware vendors to confirm firmware compatibility and updates that may reduce ECC errors or improve error handling. 7. Develop operational procedures for safely rebooting or resetting affected systems to recover from deadlocks without data loss. 8. Consider deploying kernel parameters or tuning workqueue timeouts as a temporary workaround, but only under expert guidance to avoid side effects.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-26873: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix a deadlock issue related to automatic dump If we issue a disabling PHY command, the device attached with it will go offline, if a 2 bit ECC error occurs at the same time, a hung task may be found: [ 4613.652388] INFO: task kworker/u256:0:165233 blocked for more than 120 seconds. [ 4613.666297] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.674809] task:kworker/u256:0 state:D stack: 0 pid:165233 ppid: 2 flags:0x00000208 [ 4613.683959] Workqueue: 0000:74:02.0_disco_q sas_revalidate_domain [libsas] [ 4613.691518] Call trace: [ 4613.694678] __switch_to+0xf8/0x17c [ 4613.698872] __schedule+0x660/0xee0 [ 4613.703063] schedule+0xac/0x240 [ 4613.706994] schedule_timeout+0x500/0x610 [ 4613.711705] __down+0x128/0x36c [ 4613.715548] down+0x240/0x2d0 [ 4613.719221] hisi_sas_internal_abort_timeout+0x1bc/0x260 [hisi_sas_main] [ 4613.726618] sas_execute_internal_abort+0x144/0x310 [libsas] [ 4613.732976] sas_execute_internal_abort_dev+0x44/0x60 [libsas] [ 4613.739504] hisi_sas_internal_task_abort_dev.isra.0+0xbc/0x1b0 [hisi_sas_main] [ 4613.747499] hisi_sas_dev_gone+0x174/0x250 [hisi_sas_main] [ 4613.753682] sas_notify_lldd_dev_gone+0xec/0x2e0 [libsas] [ 4613.759781] sas_unregister_common_dev+0x4c/0x7a0 [libsas] [ 4613.765962] sas_destruct_devices+0xb8/0x120 [libsas] [ 4613.771709] sas_do_revalidate_domain.constprop.0+0x1b8/0x31c [libsas] [ 4613.778930] sas_revalidate_domain+0x60/0xa4 [libsas] [ 4613.784716] process_one_work+0x248/0x950 [ 4613.789424] worker_thread+0x318/0x934 [ 4613.793878] kthread+0x190/0x200 [ 4613.797810] ret_from_fork+0x10/0x18 [ 4613.802121] INFO: task kworker/u256:4:316722 blocked for more than 120 seconds. [ 4613.816026] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.824538] task:kworker/u256:4 state:D stack: 0 pid:316722 ppid: 2 flags:0x00000208 [ 4613.833670] Workqueue: 0000:74:02.0 hisi_sas_rst_work_handler [hisi_sas_main] [ 4613.841491] Call trace: [ 4613.844647] __switch_to+0xf8/0x17c [ 4613.848852] __schedule+0x660/0xee0 [ 4613.853052] schedule+0xac/0x240 [ 4613.856984] schedule_timeout+0x500/0x610 [ 4613.861695] __down+0x128/0x36c [ 4613.865542] down+0x240/0x2d0 [ 4613.869216] hisi_sas_controller_prereset+0x58/0x1fc [hisi_sas_main] [ 4613.876324] hisi_sas_rst_work_handler+0x40/0x8c [hisi_sas_main] [ 4613.883019] process_one_work+0x248/0x950 [ 4613.887732] worker_thread+0x318/0x934 [ 4613.892204] kthread+0x190/0x200 [ 4613.896118] ret_from_fork+0x10/0x18 [ 4613.900423] INFO: task kworker/u256:1:348985 blocked for more than 121 seconds. [ 4613.914341] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 4613.922852] task:kworker/u256:1 state:D stack: 0 pid:348985 ppid: 2 flags:0x00000208 [ 4613.931984] Workqueue: 0000:74:02.0_event_q sas_port_event_worker [libsas] [ 4613.939549] Call trace: [ 4613.942702] __switch_to+0xf8/0x17c [ 4613.946892] __schedule+0x660/0xee0 [ 4613.951083] schedule+0xac/0x240 [ 4613.955015] schedule_timeout+0x500/0x610 [ 4613.959725] wait_for_common+0x200/0x610 [ 4613.964349] wait_for_completion+0x3c/0x5c [ 4613.969146] flush_workqueue+0x198/0x790 [ 4613.973776] sas_porte_broadcast_rcvd+0x1e8/0x320 [libsas] [ 4613.979960] sas_port_event_worker+0x54/0xa0 [libsas] [ 4613.985708] process_one_work+0x248/0x950 [ 4613.990420] worker_thread+0x318/0x934 [ 4613.994868] kthread+0x190/0x200 [ 4613.998800] ret_from_fork+0x10/0x18 This is because when the device goes offline, we obtain the hisi_hba semaphore and send the ABORT_DEV command to the device. However, the internal abort timed out due to the 2 bit ECC error and triggers automatic dump. In addition, since the hisi_hba semaphore has been obtained, the dump cannot be executed and the controller cannot be reset. Therefore, the deadlocks occur on the following circular dependencies ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-26873 is a vulnerability identified in the Linux kernel specifically affecting the hisi_sas driver, which manages SAS (Serial Attached SCSI) devices on hardware using Huawei's HiSilicon SAS controllers. The issue arises from a deadlock condition triggered when a disabling PHY command is issued to a device, causing it to go offline. Concurrently, if a 2-bit ECC (Error Correcting Code) error occurs, the kernel's workqueue threads responsible for handling SAS device aborts and resets become blocked indefinitely. The root cause is a circular dependency involving the acquisition of the hisi_hba semaphore and the triggering of an automatic dump process. When the device goes offline, the driver obtains the hisi_hba semaphore and sends an ABORT_DEV command to the device. However, due to the ECC error, the internal abort times out and attempts to trigger an automatic dump. Since the semaphore is already held, the dump cannot proceed, preventing the controller reset and causing the kernel worker threads to hang. This results in hung tasks that block for more than 120 seconds, as evidenced by kernel log messages. The deadlock impacts the availability of the affected SAS devices and potentially the entire system relying on these storage controllers. Although no known exploits are reported in the wild, the vulnerability can cause system instability or denial of service on affected Linux systems using the hisi_sas driver. The affected versions are specific Linux kernel commits identified by their hashes, indicating that the issue is present in recent kernel versions prior to the patch. No CVSS score has been assigned yet, but the technical details and kernel logs provide insight into the severity and impact of the flaw.
Potential Impact
For European organizations, especially those operating data centers, cloud infrastructure, or enterprise storage solutions running Linux on hardware with HiSilicon SAS controllers, this vulnerability poses a risk of system hangs and denial of service. The deadlock can cause critical storage devices to become unresponsive, potentially leading to application outages, data unavailability, and operational disruptions. Industries relying heavily on high-availability storage, such as finance, telecommunications, healthcare, and government, may experience significant impact if their Linux servers are affected. The inability to reset the controller or recover from the error without manual intervention could increase downtime and complicate incident response. While confidentiality and integrity impacts are not directly indicated, the availability impact is high. Additionally, the complexity of the issue means that recovery might require system reboots or hardware resets, increasing operational costs and risks. European organizations using custom or vendor Linux distributions that include the hisi_sas driver should assess their exposure carefully.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this deadlock issue in the hisi_sas driver as soon as they become available. Monitor Linux kernel mailing lists and vendor advisories for updates. 2. Identify and inventory all Linux systems using HiSilicon SAS controllers and the hisi_sas driver. 3. Where patching is not immediately possible, consider isolating affected systems from critical workloads or implementing redundancy to mitigate potential downtime. 4. Monitor kernel logs for hung task warnings related to kworker threads and SAS devices to detect early signs of this issue. 5. Implement proactive hardware error monitoring to detect ECC errors on SAS devices, enabling preemptive maintenance or failover. 6. Coordinate with hardware vendors to confirm firmware compatibility and updates that may reduce ECC errors or improve error handling. 7. Develop operational procedures for safely rebooting or resetting affected systems to recover from deadlocks without data loss. 8. Consider deploying kernel parameters or tuning workqueue timeouts as a temporary workaround, but only under expert guidance to avoid side effects.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-02-19T14:20:24.184Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d982bc4522896dcbe3e20
Added to database: 5/21/2025, 9:08:59 AM
Last enriched: 6/29/2025, 7:41:43 PM
Last updated: 7/31/2025, 5:42:22 PM
Views: 12
Related Threats
CVE-2025-8975: Cross Site Scripting in givanz Vvveb
MediumCVE-2025-55716: CWE-862 Missing Authorization in VeronaLabs WP Statistics
MediumCVE-2025-55714: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crocoblock JetElements For Elementor
MediumCVE-2025-55713: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in CreativeThemes Blocksy
MediumCVE-2025-55712: CWE-862 Missing Authorization in POSIMYTH The Plus Addons for Elementor Page Builder Lite
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.