CVE-2024-35929: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions:

           CPU2                                        CPU11
kthread
rcu_nocb_cb_kthread                                    ksys_write
rcu_do_batch                                           vfs_write
rcu_torture_timer_cb                                   proc_sys_write
__kmem_cache_free                                      proc_sys_call_handler
kmemleak_free                                          drop_caches_sysctl_handler
delete_object_full                                     drop_slab
__delete_object                                        shrink_slab
put_object                                             lazy_rcu_shrink_scan
call_rcu                                               rcu_nocb_flush_bypass
__call_rcu_commn                                         rcu_nocb_bypass_lock
                                                         raw_spin_trylock(&rdp->nocb_bypass_lock) fail
                                                         atomic_inc(&rdp->nocb_lock_contended);
rcu_nocb_wait_contended                                  WARN_ON_ONCE(smp_processor_id() != rdp->cpu);
 WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended))                                     |
                            |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __|

Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches".

This commit therefore uses rcu_nocb_try_flush_bypass() instead of rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass queue is being flushed, then rcu_nocb_try_flush_bypass will return directly.
AI Analysis
Technical Summary
CVE-2024-35929 is a vulnerability identified in the Linux kernel related to the Read-Copy-Update (RCU) subsystem, specifically within the RCU No-CB (no callback) mechanism. The issue arises in kernels configured with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, which enable lazy RCU callback processing on all CPUs without dedicated callback threads. The vulnerability manifests as WARN_ON_ONCE() warnings triggered in the functions rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() under certain concurrent execution scenarios. These warnings indicate potential race conditions or improper lock handling when the nocb_bypass_lock is contended and the CPU executing the code does not match the expected CPU context. The problem can be reproduced by executing "echo 3 > /proc/sys/vm/drop_caches", which triggers cache dropping and RCU lazy shrink scans. The root cause is improper use of rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(), which has been corrected by replacing it with rcu_nocb_try_flush_bypass() to safely handle bypass queue flushing without causing WARN_ON_ONCE() conditions. Although the vulnerability primarily causes kernel warnings, it indicates underlying concurrency and synchronization issues in the RCU subsystem that could potentially lead to kernel instability or deadlocks under specific workloads. No known exploits are reported in the wild, and the vulnerability affects Linux kernel versions built with the specified configuration flags. This vulnerability is technical and low-level, impacting kernel internal synchronization mechanisms rather than user-facing features.
Potential Impact
For European organizations, the impact of CVE-2024-35929 depends on their use of Linux systems with kernels configured with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y. Such configurations are more common in specialized or performance-tuned environments rather than default distributions. The vulnerability could lead to kernel warnings and potentially unstable behavior or deadlocks in systems under heavy memory management operations, such as cache dropping or slab shrinking. This may cause service interruptions, degraded performance, or system crashes in critical infrastructure, cloud services, or data centers relying on affected Linux kernels. While no direct exploitation or privilege escalation is known, the underlying concurrency flaw could be leveraged in complex attack chains or cause denial of service conditions. European organizations operating high-availability Linux servers, especially in sectors like finance, telecommunications, or government, could face operational risks if unpatched. However, typical desktop or standard server deployments with default kernel configurations are less likely to be affected. The absence of known exploits reduces immediate risk, but the vulnerability highlights the need for vigilance in kernel updates and configuration management.
Mitigation Recommendations
European organizations should take the following specific mitigation steps:
1) Identify Linux systems running kernels with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y enabled, focusing on performance-tuned or custom kernels.
2) Apply the latest Linux kernel patches that address CVE-2024-35929, ensuring the replacement of rcu_nocb_flush_bypass() with rcu_nocb_try_flush_bypass() in lazy_rcu_shrink_scan().
3) For systems where immediate patching is not feasible, avoid triggering conditions such as "echo 3 > /proc/sys/vm/drop_caches" in production environments to reduce the risk of encountering the WARN_ON_ONCE() condition.
4) Monitor kernel logs for WARN_ON_ONCE() messages related to rcu_nocb_bypass_lock or rcu_nocb_wait_contended to detect potential occurrences of the issue.
5) Review and test kernel configurations to assess the necessity of CONFIG_RCU_NOCB_CPU_DEFAULT_ALL and CONFIG_RCU_LAZY options, disabling them if not required to reduce attack surface.
6) Incorporate kernel updates into regular patch management cycles and validate stability post-update in staging environments before production deployment.
7) Engage with Linux distribution vendors or maintainers to ensure timely receipt of patches and advisories related to this vulnerability.
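For steps 1 and 4 above, the following shell helpers are an added example, not part of the advisory or of the kernel patch. The function names are hypothetical and the sample config and log lines are constructed; the WARN line layout assumes the kernel's usual "WARNING: CPU: ... at file:line function+offset" format.

```shell
#!/bin/sh
# Added example (not from the advisory): triage helpers for CVE-2024-35929.

# Print a kernel config file, handling gzip (e.g. /proc/config.gz).
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# Return 0 only if BOTH options named in the advisory are set to y.
config_exposed() {
    cfg=$(read_config "$1") || return 2
    printf '%s\n' "$cfg" | grep -qx 'CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y' &&
        printf '%s\n' "$cfg" | grep -qx 'CONFIG_RCU_LAZY=y'
}

# Count WARN splats raised in the two functions named in the advisory.
# A line that only mentions a function name without "WARNING:" is ignored.
count_rcu_warnings() {
    grep -Ec 'WARNING: .*(rcu_nocb_bypass_lock|rcu_nocb_wait_contended)\+' -- "$1" || true
}

# Constructed sample inputs; line numbers, offsets and PIDs are made up.
write_samples() {
    printf '%s\n' 'CONFIG_RCU_NOCB_CPU=y' 'CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y' \
        'CONFIG_RCU_LAZY=y' > "$1/config.exposed"
    printf '%s\n' 'CONFIG_RCU_NOCB_CPU=y' 'CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y' \
        '# CONFIG_RCU_LAZY is not set' > "$1/config.partial"
    cat > "$1/kern.log" <<'EOF'
[  812.331207] WARNING: CPU: 11 PID: 4242 at kernel/rcu/tree_nocb.h:1 rcu_nocb_bypass_lock+0x10/0x20
[  812.331415] WARNING: CPU: 2 PID: 31 at kernel/rcu/tree_nocb.h:2 rcu_nocb_wait_contended+0x10/0x20
[  812.400000] WARNING: CPU: 3 PID: 77 at mm/example.c:3 unrelated_function+0x10/0x20
[  813.000000] note: a line that merely mentions rcu_nocb_bypass_lock
EOF
}

# Demo on the constructed samples. On a real host, point the functions at
# /boot/config-$(uname -r) or /proc/config.gz and at a saved dmesg dump.
demo=$(mktemp -d)
write_samples "$demo"
for f in config.exposed config.partial; do
    if config_exposed "$demo/$f"; then state="both options set"; else state="not both set"; fi
    echo "$f: $state"
done
echo "matching WARN splats: $(count_rcu_warnings "$demo/kern.log")"
rm -rf "$demo"
```

Because WARN_ON_ONCE() fires at most once per boot for each call site, a count of zero in a log that does not reach back to boot does not show the condition never occurred.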
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-05-17T13:50:33.129Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9828c4522896dcbe21d5
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 8:11:56 AM
Last updated: 8/12/2025, 12:51:53 PM