CVE-2024-36004: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too. [Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is flushing !WQ_MEM_RECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 check_flush_dependency+0x10b/0x120 [ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr rfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma intel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core iTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore ioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich intel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad xfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe drm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel libata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror dm_region_hash dm_log dm_mod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40e_service_task [i40e] [ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] ? __warn+0x80/0x130 [ +0.000003] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? report_bug+0x195/0x1a0 [ +0.000005] ? handle_bug+0x3c/0x70 [ +0.000003] ? exc_invalid_op+0x14/0x70 [ +0.000002] ? asm_exc_invalid_op+0x16/0x20 [ +0.000006] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? check_flush_dependency+0x10b/0x120 [ +0.000002] __flush_workqueue+0x126/0x3f0 [ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core] [ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core] [ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core] [ +0.000020] i40iw_close+0x4b/0x90 [irdma] [ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e] [ +0.000035] i40e_service_task+0x126/0x190 [i40e] [ +0.000024] process_one_work+0x174/0x340 [ +0.000003] worker_th ---truncated---
AI Analysis
Technical Summary
CVE-2024-36004 addresses a vulnerability in the Linux kernel specifically related to the i40e network driver, which is used for Intel Ethernet devices. The issue arises when both the i40e and i40iw drivers are loaded simultaneously. The i40e driver allocates its workqueue with the WQ_MEM_RECLAIM flag, while the i40iw driver does not. This mismatch triggers a warning in the kernel's workqueue subsystem, specifically in the check_flush_dependency function. The warning indicates a problematic flushing of a workqueue that uses the WQ_MEM_RECLAIM flag against one that does not, which can lead to kernel warnings and potentially unstable behavior. A similar problem was previously identified and fixed in the ice driver by removing the WQ_MEM_RECLAIM flag. The fix for this vulnerability involves applying the same approach to the i40e driver, removing the WQ_MEM_RECLAIM flag from its workqueue allocation to prevent the warning and potential instability. The vulnerability was discovered during SR-IOV testing, which is a virtualization technology used to allow a single physical device to appear as multiple separate devices. The kernel warning and call trace provided indicate that this issue can cause kernel warnings and possibly impact system stability or cause crashes under certain conditions. However, there is no indication that this vulnerability leads to privilege escalation or remote code execution. It is primarily a stability and reliability issue related to kernel workqueue management in specific Intel network drivers. The vulnerability affects Linux kernel versions containing the affected i40e driver code prior to the fix. No CVSS score is assigned yet, and no known exploits are reported in the wild. The vulnerability is technical and low-level, related to kernel workqueue flags and their proper usage in driver code.
Potential Impact
For European organizations, the impact of CVE-2024-36004 is primarily related to system stability and reliability rather than direct security breaches such as data leaks or unauthorized access. Organizations using Linux servers with Intel Ethernet devices that rely on the i40e and i40iw drivers—particularly in environments utilizing SR-IOV for virtualization—may experience kernel warnings, potential system instability, or crashes. This could lead to service interruptions, degraded network performance, or downtime in critical infrastructure such as data centers, cloud services, and enterprise networks. Industries relying heavily on virtualization and high-performance networking, such as telecommunications, financial services, and cloud providers, may be more affected. Although this vulnerability does not appear to enable privilege escalation or remote exploitation, the resulting instability could indirectly affect availability and operational continuity. European organizations with large-scale Linux deployments should prioritize patching to maintain system reliability and avoid disruptions. Given the technical nature of the issue, the impact is more significant in environments where the affected drivers are actively used in combination and where SR-IOV is enabled.
Mitigation Recommendations
1. Apply the official Linux kernel patches that remove the WQ_MEM_RECLAIM flag from the i40e driver's workqueue allocation as soon as they are available from trusted Linux kernel sources or vendor distributions. 2. For organizations using custom or older kernel versions, backport the fix by removing the WQ_MEM_RECLAIM flag from the i40e driver's workqueue initialization code, following the pattern used in the ice driver fix. 3. Conduct thorough testing in staging environments, especially where SR-IOV and both i40e and i40iw drivers are in use, to verify that the fix resolves the kernel warnings without introducing regressions. 4. Monitor kernel logs for warnings related to workqueue flushing and check_flush_dependency to detect any residual issues. 5. Coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and support for affected systems. 6. Consider temporarily disabling SR-IOV or the affected drivers if patching is delayed and system stability is critical, while evaluating the operational impact. 7. Maintain robust backup and recovery procedures to mitigate potential downtime caused by kernel instability. These steps go beyond generic advice by focusing on driver-specific code changes, testing in virtualization contexts, and operational controls tailored to the affected networking components.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Ireland, Italy
CVE-2024-36004: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too. [Feb 9 09:08] ------------[ cut here ]------------ [ +0.000004] workqueue: WQ_MEM_RECLAIM i40e:i40e_service_task [i40e] is flushing !WQ_MEM_RECLAIM infiniband:0x0 [ +0.000060] WARNING: CPU: 0 PID: 937 at kernel/workqueue.c:2966 check_flush_dependency+0x10b/0x120 [ +0.000007] Modules linked in: snd_seq_dummy snd_hrtimer snd_seq snd_timer snd_seq_device snd soundcore nls_utf8 cifs cifs_arc4 nls_ucs2_utils rdma_cm iw_cm ib_cm cifs_md4 dns_resolver netfs qrtr rfkill sunrpc vfat fat intel_rapl_msr intel_rapl_common irdma intel_uncore_frequency intel_uncore_frequency_common ice ipmi_ssif isst_if_common skx_edac nfit libnvdimm x86_pkg_temp_thermal intel_powerclamp gnss coretemp ib_uverbs rapl intel_cstate ib_core iTCO_wdt iTCO_vendor_support acpi_ipmi mei_me ipmi_si intel_uncore ioatdma i2c_i801 joydev pcspkr mei ipmi_devintf lpc_ich intel_pch_thermal i2c_smbus ipmi_msghandler acpi_power_meter acpi_pad xfs libcrc32c ast sd_mod drm_shmem_helper t10_pi drm_kms_helper sg ixgbe drm i40e ahci crct10dif_pclmul libahci crc32_pclmul igb crc32c_intel libata ghash_clmulni_intel i2c_algo_bit mdio dca wmi dm_mirror dm_region_hash dm_log dm_mod fuse [ +0.000050] CPU: 0 PID: 937 Comm: kworker/0:3 Kdump: loaded Not tainted 6.8.0-rc2-Feb-net_dev-Qiueue-00279-gbd43c5687e05 #1 [ +0.000003] Hardware name: Intel Corporation S2600BPB/S2600BPB, BIOS SE5C620.86B.02.01.0013.121520200651 12/15/2020 [ +0.000001] Workqueue: i40e i40e_service_task [i40e] [ +0.000024] RIP: 0010:check_flush_dependency+0x10b/0x120 [ +0.000003] Code: ff 49 8b 54 24 18 48 8d 8b b0 00 00 00 49 89 e8 48 81 c6 b0 00 00 00 48 c7 c7 b0 97 fa 9f c6 05 8a cc 1f 02 01 e8 35 b3 fd ff <0f> 0b e9 10 ff ff ff 80 3d 78 cc 1f 02 00 75 94 e9 46 ff ff ff 90 [ +0.000002] RSP: 0018:ffffbd294976bcf8 EFLAGS: 00010282 [ +0.000002] RAX: 0000000000000000 RBX: ffff94d4c483c000 RCX: 0000000000000027 [ +0.000001] RDX: ffff94d47f620bc8 RSI: 0000000000000001 RDI: ffff94d47f620bc0 [ +0.000001] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000ffff7fff [ +0.000001] R10: ffffbd294976bb98 R11: ffffffffa0be65e8 R12: ffff94c5451ea180 [ +0.000001] R13: ffff94c5ab5e8000 R14: ffff94c5c20b6e05 R15: ffff94c5f1330ab0 [ +0.000001] FS: 0000000000000000(0000) GS:ffff94d47f600000(0000) knlGS:0000000000000000 [ +0.000002] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000001] CR2: 00007f9e6f1fca70 CR3: 0000000038e20004 CR4: 00000000007706f0 [ +0.000000] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ +0.000001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ +0.000001] PKRU: 55555554 [ +0.000001] Call Trace: [ +0.000001] <TASK> [ +0.000002] ? __warn+0x80/0x130 [ +0.000003] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? report_bug+0x195/0x1a0 [ +0.000005] ? handle_bug+0x3c/0x70 [ +0.000003] ? exc_invalid_op+0x14/0x70 [ +0.000002] ? asm_exc_invalid_op+0x16/0x20 [ +0.000006] ? check_flush_dependency+0x10b/0x120 [ +0.000002] ? check_flush_dependency+0x10b/0x120 [ +0.000002] __flush_workqueue+0x126/0x3f0 [ +0.000015] ib_cache_cleanup_one+0x1c/0xe0 [ib_core] [ +0.000056] __ib_unregister_device+0x6a/0xb0 [ib_core] [ +0.000023] ib_unregister_device_and_put+0x34/0x50 [ib_core] [ +0.000020] i40iw_close+0x4b/0x90 [irdma] [ +0.000022] i40e_notify_client_of_netdev_close+0x54/0xc0 [i40e] [ +0.000035] i40e_service_task+0x126/0x190 [i40e] [ +0.000024] process_one_work+0x174/0x340 [ +0.000003] worker_th ---truncated---
AI-Powered Analysis
Technical Analysis
CVE-2024-36004 addresses a vulnerability in the Linux kernel specifically related to the i40e network driver, which is used for Intel Ethernet devices. The issue arises when both the i40e and i40iw drivers are loaded simultaneously. The i40e driver allocates its workqueue with the WQ_MEM_RECLAIM flag, while the i40iw driver does not. This mismatch triggers a warning in the kernel's workqueue subsystem, specifically in the check_flush_dependency function. The warning indicates a problematic flushing of a workqueue that uses the WQ_MEM_RECLAIM flag against one that does not, which can lead to kernel warnings and potentially unstable behavior. A similar problem was previously identified and fixed in the ice driver by removing the WQ_MEM_RECLAIM flag. The fix for this vulnerability involves applying the same approach to the i40e driver, removing the WQ_MEM_RECLAIM flag from its workqueue allocation to prevent the warning and potential instability. The vulnerability was discovered during SR-IOV testing, which is a virtualization technology used to allow a single physical device to appear as multiple separate devices. The kernel warning and call trace provided indicate that this issue can cause kernel warnings and possibly impact system stability or cause crashes under certain conditions. However, there is no indication that this vulnerability leads to privilege escalation or remote code execution. It is primarily a stability and reliability issue related to kernel workqueue management in specific Intel network drivers. The vulnerability affects Linux kernel versions containing the affected i40e driver code prior to the fix. No CVSS score is assigned yet, and no known exploits are reported in the wild. The vulnerability is technical and low-level, related to kernel workqueue flags and their proper usage in driver code.
Potential Impact
For European organizations, the impact of CVE-2024-36004 is primarily related to system stability and reliability rather than direct security breaches such as data leaks or unauthorized access. Organizations using Linux servers with Intel Ethernet devices that rely on the i40e and i40iw drivers—particularly in environments utilizing SR-IOV for virtualization—may experience kernel warnings, potential system instability, or crashes. This could lead to service interruptions, degraded network performance, or downtime in critical infrastructure such as data centers, cloud services, and enterprise networks. Industries relying heavily on virtualization and high-performance networking, such as telecommunications, financial services, and cloud providers, may be more affected. Although this vulnerability does not appear to enable privilege escalation or remote exploitation, the resulting instability could indirectly affect availability and operational continuity. European organizations with large-scale Linux deployments should prioritize patching to maintain system reliability and avoid disruptions. Given the technical nature of the issue, the impact is more significant in environments where the affected drivers are actively used in combination and where SR-IOV is enabled.
Mitigation Recommendations
1. Apply the official Linux kernel patches that remove the WQ_MEM_RECLAIM flag from the i40e driver's workqueue allocation as soon as they are available from trusted Linux kernel sources or vendor distributions. 2. For organizations using custom or older kernel versions, backport the fix by removing the WQ_MEM_RECLAIM flag from the i40e driver's workqueue initialization code, following the pattern used in the ice driver fix. 3. Conduct thorough testing in staging environments, especially where SR-IOV and both i40e and i40iw drivers are in use, to verify that the fix resolves the kernel warnings without introducing regressions. 4. Monitor kernel logs for warnings related to workqueue flushing and check_flush_dependency to detect any residual issues. 5. Coordinate with hardware vendors and Linux distribution maintainers to ensure timely updates and support for affected systems. 6. Consider temporarily disabling SR-IOV or the affected drivers if patching is delayed and system stability is critical, while evaluating the operational impact. 7. Maintain robust backup and recovery procedures to mitigate potential downtime caused by kernel instability. These steps go beyond generic advice by focusing on driver-specific code changes, testing in virtualization contexts, and operational controls tailored to the affected networking components.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-05-17T13:50:33.150Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9828c4522896dcbe243b
Added to database: 5/21/2025, 9:08:56 AM
Last enriched: 6/29/2025, 9:12:03 AM
Last updated: 8/1/2025, 7:18:40 AM
Views: 15
Related Threats
CVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-55150: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-54992: CWE-611: Improper Restriction of XML External Entity Reference in telstra open-kilda
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.