
CVE-2024-26987: Vulnerability in Linux Linux

High
Published: Wed May 01 2024 (05/01/2024, 05:27:34 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled

When I did hard offline test with hugetlb pages, below deadlock occurs:

======================================================
WARNING: possible circular locking dependency detected
6.8.0-11409-gf6cef5f8c37f #1 Not tainted
------------------------------------------------------
bash/46904 is trying to acquire lock:
ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60

but task is already holding lock:
ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #1 (pcp_batch_high_lock){+.+.}-{3:3}:
       __mutex_lock+0x6c/0x770
       page_alloc_cpu_online+0x3c/0x70
       cpuhp_invoke_callback+0x397/0x5f0
       __cpuhp_invoke_callback_range+0x71/0xe0
       _cpu_up+0xeb/0x210
       cpu_up+0x91/0xe0
       cpuhp_bringup_mask+0x49/0xb0
       bringup_nonboot_cpus+0xb7/0xe0
       smp_init+0x25/0xa0
       kernel_init_freeable+0x15f/0x3e0
       kernel_init+0x15/0x1b0
       ret_from_fork+0x2f/0x50
       ret_from_fork_asm+0x1a/0x30

-> #0 (cpu_hotplug_lock){++++}-{0:0}:
       __lock_acquire+0x1298/0x1cd0
       lock_acquire+0xc0/0x2b0
       cpus_read_lock+0x2a/0xc0
       static_key_slow_dec+0x16/0x60
       __hugetlb_vmemmap_restore_folio+0x1b9/0x200
       dissolve_free_huge_page+0x211/0x260
       __page_handle_poison+0x45/0xc0
       memory_failure+0x65e/0xc70
       hard_offline_page_store+0x55/0xa0
       kernfs_fop_write_iter+0x12c/0x1d0
       vfs_write+0x387/0x550
       ksys_write+0x64/0xe0
       do_syscall_64+0xca/0x1e0
       entry_SYSCALL_64_after_hwframe+0x6d/0x75

other info that might help us debug this:

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(pcp_batch_high_lock);
                               lock(cpu_hotplug_lock);
                               lock(pcp_batch_high_lock);
  rlock(cpu_hotplug_lock);

 *** DEADLOCK ***

5 locks held by bash/46904:
 #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0
 #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0
 #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0
 #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70
 #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40

stack backtrace:
CPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0x68/0xa0
 check_noncircular+0x129/0x140
 __lock_acquire+0x1298/0x1cd0
 lock_acquire+0xc0/0x2b0
 cpus_read_lock+0x2a/0xc0
 static_key_slow_dec+0x16/0x60
 __hugetlb_vmemmap_restore_folio+0x1b9/0x200
 dissolve_free_huge_page+0x211/0x260
 __page_handle_poison+0x45/0xc0
 memory_failure+0x65e/0xc70
 hard_offline_page_store+0x55/0xa0
 kernfs_fop_write_iter+0x12c/0x1d0
 vfs_write+0x387/0x550
 ksys_write+0x64/0xe0
 do_syscall_64+0xca/0x1e0
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7fc862314887
Code: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24
RSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887
RDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001
RBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c
R13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00

In short, below scene breaks the ---truncated---

AI-Powered Analysis

Last updated: 06/29/2025, 13:56:41 UTC

Technical Analysis

CVE-2024-26987 is a deadlock in the Linux kernel's memory management subsystem that can occur when the hugetlb_optimize_vmemmap feature is enabled. It was found during hard-offline testing of hugetlb (huge) pages and is reported by lockdep as a circular locking dependency between two kernel locks, cpu_hotplug_lock and pcp_batch_high_lock. The stack traces in the description show the two inconsistent lock orders. On the CPU-online path, page_alloc_cpu_online runs under cpu_hotplug_lock and then takes pcp_batch_high_lock. On the memory-failure path (memory_failure, __page_handle_poison, dissolve_free_huge_page, __hugetlb_vmemmap_restore_folio), the task already holds pcp_batch_high_lock, taken in zone_pcp_disable, and then calls static_key_slow_dec, which takes cpu_hotplug_lock for reading via cpus_read_lock. In the reported case a bash process writing to the hard_offline_page sysfs file holds five locks, including mf_mutex and pcp_batch_high_lock, and blocks on cpu_hotplug_lock while a concurrent CPU hotplug operation blocks on pcp_batch_high_lock; neither side can make progress, and kernel work related to CPU hotplug and memory failure handling stalls. The condition exists in Linux kernel versions prior to the patch that resolves it. This is not a privilege escalation or information disclosure issue; it is a stability and availability problem caused by a kernel deadlock. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The CVE was reserved in February 2024 and published in May 2024, indicating recent discovery and patching.

Potential Impact

For European organizations, the primary impact of CVE-2024-26987 is on system stability and availability rather than on confidentiality or integrity. Systems running Linux kernels with hugetlb_optimize_vmemmap enabled that use huge pages and perform memory failure handling (such as hard page offlining) or CPU hotplug operations are at risk of a kernel deadlock. The result is a system hang that requires a reboot and causes downtime. Critical infrastructure, data centers, cloud providers, and enterprises that rely on Linux servers for high-performance computing or memory-intensive applications may face operational disruptions. Virtualized environments and containerized workloads that use huge pages to optimize memory performance are also affected. Although the issue does not enable privilege escalation or data theft, its denial-of-service-like effect can interrupt service availability, potentially violating SLAs and causing financial and reputational damage. Organizations whose Linux systems handle memory failures automatically or perform CPU hotplugging are particularly exposed. The lack of known exploits reduces immediate risk, but unpatched systems remain susceptible to this stability issue.

Mitigation Recommendations

1. Apply the official Linux kernel patch that fixes the deadlock condition as soon as it becomes available from trusted Linux distributions or the kernel mainline.
2. Temporarily disable the hugetlb_optimize_vmemmap feature if patching is not immediately feasible, to avoid triggering the deadlock scenario.
3. Review and audit kernel configurations and memory management settings related to huge pages and CPU hotplugging to ensure they align with best practices and do not enable unnecessary features that increase risk.
4. Implement robust monitoring of kernel logs and system health to detect early signs of deadlocks or hangs related to memory failure or CPU hotplug operations.
5. For virtualized or containerized environments, coordinate with hypervisor and container orchestration teams to manage huge page usage carefully and avoid configurations that might trigger this vulnerability.
6. Maintain updated backups and disaster recovery plans to minimize downtime impact if a deadlock occurs.
7. Engage with Linux vendor support channels for guidance on backported patches and kernel updates tailored to specific distributions used within the organization.
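The following script is an added example for recommendations 2 and 4 above; it is not code from the Linux kernel or from this advisory's source. It parses kernel log text for lockdep "possible circular locking dependency detected" reports, extracts the task, kernel version and the two locks named in the report header, and flags the cpu_hotplug_lock / pcp_batch_high_lock pair that the description's lockdep output shows for this CVE. It also reads the vm.hugetlb_optimize_vmemmap sysctl so an operator can confirm whether the feature is enabled on a host; the sysctl path is the one documented in the kernel's admin guide and is assumed here, since the advisory itself only names the feature. The sample dmesg text is constructed and abridged from the report quoted in the description, with a second, unrelated splat added to show that the CVE signature check discriminates.

```python
"""Detect lockdep circular-locking reports in kernel logs and flag the lock pair
reported for CVE-2024-26987 (cpu_hotplug_lock vs pcp_batch_high_lock).
Added example; not part of the Linux kernel or of the advisory."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lock pair named in the lockdep report quoted in the CVE description.
CVE_2024_26987_LOCKS = frozenset({"cpu_hotplug_lock", "pcp_batch_high_lock"})
SPLAT_START = "possible circular locking dependency detected"
# Assumed sysctl path (documented as vm.hugetlb_optimize_vmemmap in the kernel admin guide).
SYSCTL_PATH = "/proc/sys/vm/hugetlb_optimize_vmemmap"

DMESG_PREFIX_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")
LOCK_RE = re.compile(r"\(([^)]+)\)\{[^}]*\}-\{[^}]*\}, at: (\S+)")
TASK_RE = re.compile(r"^(\S+/\d+) is trying to acquire lock:")
VERSION_RE = re.compile(r"^(\d+\.\d+\.\S+) #\d+ (Not tainted|Tainted: .*)$")


@dataclass
class Splat:
    kernel: str = ""
    task: str = ""
    acquiring: Optional[str] = None   # lock the task is trying to take
    held: Optional[str] = None        # lock the task already holds
    acquire_site: str = ""
    held_site: str = ""
    lines: List[str] = field(default_factory=list)

    @property
    def locks(self) -> frozenset:
        return frozenset(l for l in (self.acquiring, self.held) if l)

    def matches_cve_2024_26987(self) -> bool:
        """True when the report involves exactly the lock pair from the CVE description."""
        return self.locks == CVE_2024_26987_LOCKS


def strip_prefix(line: str) -> str:
    """Drop a dmesg-style "[  seconds.micros] " prefix and trailing whitespace."""
    return DMESG_PREFIX_RE.sub("", line).rstrip()


def parse_lockdep(text: str) -> List[Splat]:
    """Return one Splat per lockdep circular-dependency report found in text."""
    splats: List[Splat] = []
    cur: Optional[Splat] = None
    pending: Optional[str] = None     # which lock line is expected next
    for raw in text.splitlines():
        line = strip_prefix(raw)
        if SPLAT_START in line:
            cur = Splat()
            splats.append(cur)
            pending = None
            continue
        if cur is None:
            continue
        cur.lines.append(line)
        if "*** DEADLOCK ***" in line:
            cur = None                # header fully parsed; ignore the backtrace
            continue
        m = VERSION_RE.match(line)
        if m and not cur.kernel:
            cur.kernel = m.group(1)
            continue
        m = TASK_RE.match(line)
        if m:
            cur.task = m.group(1)
            pending = "acquiring"
            continue
        if line.startswith("but task is already holding lock:"):
            pending = "held"
            continue
        m = LOCK_RE.search(line)
        if m and pending:
            lock, site = m.group(1), m.group(2)
            if pending == "acquiring":
                cur.acquiring, cur.acquire_site = lock, site
            else:
                cur.held, cur.held_site = lock, site
            pending = None
    return splats


def vmemmap_optimization_enabled(path: str = SYSCTL_PATH) -> Optional[bool]:
    """True/False from the sysctl, or None when this kernel does not expose it."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


# Constructed sample log: abridged from the report in the CVE description,
# plus an unrelated lockdep report to show the signature check discriminates.
SAMPLE_DMESG = """\
[  100.000001] EXT4-fs (vda1): mounted filesystem with ordered data mode
[  120.500000] ======================================================
[  120.500001] WARNING: possible circular locking dependency detected
[  120.500002] 6.8.0-11409-gf6cef5f8c37f #1 Not tainted
[  120.500003] ------------------------------------------------------
[  120.500004] bash/46904 is trying to acquire lock:
[  120.500005] ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60
[  120.500006]
[  120.500007] but task is already holding lock:
[  120.500008] ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40
[  120.500009] which lock already depends on the new lock.
[  120.500010]  *** DEADLOCK ***
[  300.000000] WARNING: possible circular locking dependency detected
[  300.000001] 6.8.0-11409-gf6cef5f8c37f #1 Not tainted
[  300.000002] kworker/3:1/77 is trying to acquire lock:
[  300.000003] ffff98f6c0000000 (&dev->mutex){+.+.}-{3:3}, at: device_lock+0x10/0x20
[  300.000004] but task is already holding lock:
[  300.000005] ffff98f6c0000010 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0
[  300.000006]  *** DEADLOCK ***
"""

if __name__ == "__main__":
    for s in parse_lockdep(SAMPLE_DMESG):
        tag = "CVE-2024-26987 signature" if s.matches_cve_2024_26987() else "other lockdep report"
        print(f"{s.task} on {s.kernel}: {s.held} -> {s.acquiring} ({tag})")
    print("hugetlb_optimize_vmemmap enabled:", vmemmap_optimization_enabled())
```

On a live host, feed the output of dmesg (or journalctl -k) to parse_lockdep instead of SAMPLE_DMESG; a match on the CVE signature together with vmemmap_optimization_enabled() returning True is a strong signal that the host is unpatched and should be prioritized for the kernel update or for disabling the feature.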


Technical Details

Data Version
5.1
Assigner Short Name
Linux
Date Reserved
2024-02-19T14:20:24.205Z
Cisa Enriched
true
Cvss Version
null
State
PUBLISHED

Threat ID: 682d9829c4522896dcbe300f

Added to database: 5/21/2025, 9:08:57 AM

Last enriched: 6/29/2025, 1:56:41 PM

Last updated: 8/13/2025, 1:47:39 AM

