CVE-2024-35989: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutex_lock+0x2e/0x50 ... Call Trace: <TASK> __die+0x24/0x70 page_fault_oops+0x82/0x160 do_user_addr_fault+0x65/0x6b0 __pfx___rdmsr_safe_on_cpu+0x10/0x10 exc_page_fault+0x7d/0x170 asm_exc_page_fault+0x26/0x30 mutex_lock+0x2e/0x50 mutex_lock+0x1e/0x50 perf_pmu_migrate_context+0x87/0x1f0 perf_event_cpu_offline+0x76/0x90 [idxd] cpuhp_invoke_callback+0xa2/0x4f0 __pfx_perf_event_cpu_offline+0x10/0x10 [idxd] cpuhp_thread_fun+0x98/0x150 smpboot_thread_fn+0x27/0x260 smpboot_thread_fn+0x1af/0x260 __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x103/0x140 __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 <TASK> Fix the issue by preventing the migration of the perf context to an invalid target.
AI Analysis
Technical Summary
CVE-2024-35989 is a medium severity vulnerability identified in the Linux kernel's dmaengine idxd driver. The flaw occurs during the removal (rmmod) of the idxd driver on single-CPU platforms. Specifically, when the idxd driver is unloaded, it invokes a registered offline callback as part of its cleanup process. This callback attempts to migrate the performance monitoring (perf) context to another CPU. However, on systems with only one CPU online, there is no valid target CPU available for this migration. This leads to a kernel oops, a type of kernel crash caused by an invalid memory access. The oops is triggered by a page fault during a kernel-mode write operation, as the perf context migration tries to lock a mutex on a non-existent CPU target, resulting in a BUG error and system instability. The vulnerability is rooted in improper handling of CPU offline callbacks and perf context migration logic on single-CPU systems. The fix implemented prevents migration attempts to invalid CPU targets, thereby avoiding the kernel oops. The CVSS v3.1 score is 5.5 (medium severity) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack vector, low complexity, requires low privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability due to kernel crash. No known exploits are reported in the wild as of publication. This vulnerability affects Linux kernel versions containing the vulnerable idxd driver code prior to the fix. The issue is particularly relevant for single-CPU systems using the idxd driver, which is related to Intel Data Streaming Accelerator (DSA) hardware for DMA operations.
Potential Impact
For European organizations, the impact of CVE-2024-35989 depends largely on the deployment of Linux systems running on single-CPU platforms with the idxd driver enabled. The vulnerability causes a kernel oops leading to system crashes and potential denial of service (DoS). This can disrupt critical services, especially in embedded systems, industrial control systems, or specialized appliances that might use single-CPU Linux kernels with idxd support. While the vulnerability does not allow privilege escalation or data compromise, the availability impact can be significant for systems requiring high uptime or real-time processing. European enterprises relying on Linux-based infrastructure for networking, telecommunications, or edge computing might be affected if their hardware platforms include Intel DSA components and run single-CPU configurations. The disruption could lead to operational downtime, impacting service delivery and compliance with availability SLAs. However, multi-CPU systems are not affected by this issue, limiting the scope somewhat. Since no known exploits exist yet, the immediate risk is moderate, but organizations should prioritize patching to prevent potential future exploitation or accidental crashes during maintenance operations involving driver removal.
Mitigation Recommendations
1. Apply the official Linux kernel patch that fixes the idxd driver to prevent perf context migration to invalid CPU targets. Ensure all Linux systems, especially those running on single-CPU platforms with idxd enabled, are updated promptly. 2. Audit systems to identify single-CPU Linux hosts with the idxd driver loaded. Disable or unload the idxd driver on systems where it is not required to reduce attack surface. 3. For critical systems where kernel updates are challenging, consider implementing monitoring to detect kernel oops or crashes related to idxd driver removal and automate recovery procedures. 4. Avoid removing the idxd driver module on single-CPU systems during runtime unless necessary, or ensure the system is rebooted after removal to prevent instability. 5. Coordinate with hardware vendors to confirm Intel DSA hardware usage and driver compatibility with patched kernel versions. 6. Incorporate this vulnerability into vulnerability management and patching workflows with priority for affected single-CPU Linux systems. 7. Test kernel updates in staging environments that replicate single-CPU configurations to validate stability before production deployment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
CVE-2024-35989: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 1470e1067 P4D 0 Oops: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 Not tainted 6.8.0-rc6-dsa+ #57 Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023 RIP: 0010:mutex_lock+0x2e/0x50 ... Call Trace: <TASK> __die+0x24/0x70 page_fault_oops+0x82/0x160 do_user_addr_fault+0x65/0x6b0 __pfx___rdmsr_safe_on_cpu+0x10/0x10 exc_page_fault+0x7d/0x170 asm_exc_page_fault+0x26/0x30 mutex_lock+0x2e/0x50 mutex_lock+0x1e/0x50 perf_pmu_migrate_context+0x87/0x1f0 perf_event_cpu_offline+0x76/0x90 [idxd] cpuhp_invoke_callback+0xa2/0x4f0 __pfx_perf_event_cpu_offline+0x10/0x10 [idxd] cpuhp_thread_fun+0x98/0x150 smpboot_thread_fn+0x27/0x260 smpboot_thread_fn+0x1af/0x260 __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x103/0x140 __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x50 __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 <TASK> Fix the issue by preventing the migration of the perf context to an invalid target.
AI-Powered Analysis
Technical Analysis
CVE-2024-35989 is a medium severity vulnerability identified in the Linux kernel's dmaengine idxd driver. The flaw occurs during the removal (rmmod) of the idxd driver on single-CPU platforms. Specifically, when the idxd driver is unloaded, it invokes a registered offline callback as part of its cleanup process. This callback attempts to migrate the performance monitoring (perf) context to another CPU. However, on systems with only one CPU online, there is no valid target CPU available for this migration. This leads to a kernel oops, a type of kernel crash caused by an invalid memory access. The oops is triggered by a page fault during a kernel-mode write operation, as the perf context migration tries to lock a mutex on a non-existent CPU target, resulting in a BUG error and system instability. The vulnerability is rooted in improper handling of CPU offline callbacks and perf context migration logic on single-CPU systems. The fix implemented prevents migration attempts to invalid CPU targets, thereby avoiding the kernel oops. The CVSS v3.1 score is 5.5 (medium severity) with vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local attack vector, low complexity, requires low privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability due to kernel crash. No known exploits are reported in the wild as of publication. This vulnerability affects Linux kernel versions containing the vulnerable idxd driver code prior to the fix. The issue is particularly relevant for single-CPU systems using the idxd driver, which is related to Intel Data Streaming Accelerator (DSA) hardware for DMA operations.
Potential Impact
For European organizations, the impact of CVE-2024-35989 depends largely on the deployment of Linux systems running on single-CPU platforms with the idxd driver enabled. The vulnerability causes a kernel oops leading to system crashes and potential denial of service (DoS). This can disrupt critical services, especially in embedded systems, industrial control systems, or specialized appliances that might use single-CPU Linux kernels with idxd support. While the vulnerability does not allow privilege escalation or data compromise, the availability impact can be significant for systems requiring high uptime or real-time processing. European enterprises relying on Linux-based infrastructure for networking, telecommunications, or edge computing might be affected if their hardware platforms include Intel DSA components and run single-CPU configurations. The disruption could lead to operational downtime, impacting service delivery and compliance with availability SLAs. However, multi-CPU systems are not affected by this issue, limiting the scope somewhat. Since no known exploits exist yet, the immediate risk is moderate, but organizations should prioritize patching to prevent potential future exploitation or accidental crashes during maintenance operations involving driver removal.
Mitigation Recommendations
1. Apply the official Linux kernel patch that fixes the idxd driver to prevent perf context migration to invalid CPU targets. Ensure all Linux systems, especially those running on single-CPU platforms with idxd enabled, are updated promptly. 2. Audit systems to identify single-CPU Linux hosts with the idxd driver loaded. Disable or unload the idxd driver on systems where it is not required to reduce attack surface. 3. For critical systems where kernel updates are challenging, consider implementing monitoring to detect kernel oops or crashes related to idxd driver removal and automate recovery procedures. 4. Avoid removing the idxd driver module on single-CPU systems during runtime unless necessary, or ensure the system is rebooted after removal to prevent instability. 5. Coordinate with hardware vendors to confirm Intel DSA hardware usage and driver compatibility with patched kernel versions. 6. Incorporate this vulnerability into vulnerability management and patching workflows with priority for affected single-CPU Linux systems. 7. Test kernel updates in staging environments that replicate single-CPU configurations to validate stability before production deployment.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T13:50:33.146Z
- Cisa Enriched
- true
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe23bd
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:09:42 AM
Last updated: 8/13/2025, 12:49:10 AM
Views: 21
Related Threats
CVE-2025-43988: n/a
UnknownCVE-2025-8926: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-43986: n/a
CriticalCVE-2025-43982: n/a
CriticalCVE-2025-8925: SQL Injection in itsourcecode Sports Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.