CVE-2024-36936: Vulnerability in Linux

Medium
Published: Thu May 30 2024 (05/30/2024, 15:29:25 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

efi/unaccepted: touch soft lockup during memory accept

Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and not trigger softlockup on other CPUs.

However the softlockup intermittently showed up if the memory of the TD guest is large, and the timeout of softlockup is set to 1 second:

    RIP: 0010:_raw_spin_unlock_irqrestore
    Call Trace:
    ? __hrtimer_run_queues
    <IRQ>
    ? hrtimer_interrupt
    ? watchdog_timer_fn
    ? __sysvec_apic_timer_interrupt
    ? __pfx_watchdog_timer_fn
    ? sysvec_apic_timer_interrupt
    </IRQ>
    ? __hrtimer_run_queues
    <TASK>
    ? hrtimer_interrupt
    ? asm_sysvec_apic_timer_interrupt
    ? _raw_spin_unlock_irqrestore
    ? __sysvec_apic_timer_interrupt
    ? sysvec_apic_timer_interrupt
    accept_memory
    try_to_accept_memory
    do_huge_pmd_anonymous_page
    get_page_from_freelist
    __handle_mm_fault
    __alloc_pages
    __folio_alloc
    ? __tdx_hypercall
    handle_mm_fault
    vma_alloc_folio
    do_user_addr_fault
    do_huge_pmd_anonymous_page
    exc_page_fault
    ? __do_huge_pmd_anonymous_page
    asm_exc_page_fault
    __handle_mm_fault

When the local irq is enabled at the end of accept_memory(), the softlockup detects that the watchdog on single CPU has not been fed for a while. That is to say, even other CPUs will not be blocked by spinlock, the current CPU might be stuck with local irq disabled for a while, which hurts not only nmi watchdog but also softlockup.

Chao Gao pointed out that the memory accept could be time costly and there was similar report before. Thus to avoid any softlockup detection during this stage, give the softlockup a flag to skip the timeout check at the end of accept_memory(), by invoking touch_softlockup_watchdog().

AI-Powered Analysis

Last updated: 06/28/2025, 03:40:56 UTC

Technical Analysis

CVE-2024-36936 addresses a vulnerability in the Linux kernel related to the handling of memory acceptance in Trust Domain (TD) guests, specifically within the EFI (Extensible Firmware Interface) unaccepted memory path. The issue is a soft lockup condition triggered during memory acceptance when the TD guest's memory is large and the softlockup watchdog timeout is set to one second.

The root cause involves the kernel's spinlock mechanism and interrupt handling during execution of accept_memory(). A prior commit (50e782a86c98) improved parallel memory acceptance by releasing the spinlock so that multiple CPUs can accept memory concurrently, but the CPU executing accept_memory() may still run with local interrupts disabled for an extended period. While local IRQs are disabled, the softlockup watchdog on that CPU is not fed, so when interrupts are re-enabled the watchdog detects a timeout and reports a soft lockup. These false positive soft lockup detections can degrade system responsiveness and stability.

The fix invokes touch_softlockup_watchdog() at the end of accept_memory() to reset the softlockup timer after the time-consuming acceptance stage, suppressing the false softlockup reports without compromising system integrity. This vulnerability does not appear to be exploitable for code execution or privilege escalation, but it can cause system instability or hangs under specific workloads involving large TD guest memory allocations.

Potential Impact

For European organizations, the impact of CVE-2024-36936 primarily concerns system stability and availability rather than direct data confidentiality or integrity breaches. Organizations running Linux-based systems with Trust Domain (TD) guest environments, commonly found in cloud infrastructure, virtualization platforms, and advanced security-focused deployments, may experience intermittent system hangs or degraded performance during memory acceptance operations. This can affect critical services relying on virtualization, such as cloud service providers, financial institutions, and research centers that utilize large memory TD guests for secure workloads. Prolonged soft lockups could lead to increased downtime, reduced service reliability, and potential cascading failures in multi-tenant environments. While no direct exploitation is known, the vulnerability could indirectly impact operational continuity, especially in environments with stringent uptime requirements. European entities with high adoption of Linux in data centers and cloud infrastructures should be aware of this issue to maintain service quality and avoid unexpected disruptions.

Mitigation Recommendations

To mitigate the effects of CVE-2024-36936, European organizations should:

1) Apply the latest Linux kernel patches that include the fix invoking touch_softlockup_watchdog() during accept_memory() to prevent false softlockup detection.
2) Monitor kernel logs and system watchdog alerts for signs of soft lockups related to memory acceptance, particularly in environments running TD guests with large memory allocations.
3) Adjust softlockup watchdog timeout settings cautiously if necessary, balancing between timely detection of genuine lockups and avoiding false positives during memory acceptance.
4) Test kernel updates in staging environments replicating production TD guest workloads to ensure stability before wide deployment.
5) Collaborate with Linux distribution vendors and virtualization platform providers to confirm that their kernel versions incorporate this fix.
6) Implement robust monitoring and alerting for system responsiveness and CPU interrupt handling to detect anomalies early.

These steps go beyond generic advice by focusing on the specific context of TD guest memory acceptance and kernel interrupt management.
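
One way to carry out the log monitoring in recommendation 2, as an added example (not code from this advisory or from the kernel project): a Python filter that splits a kernel log into soft lockup reports and keeps those whose reliable stack frames include accept_memory() or try_to_accept_memory(). The function name, the sample log and example_poll_loop are constructed for illustration.

```python
import re

# Soft lockup report header as printed by the kernel watchdog.
LOCKUP_RE = re.compile(
    r"BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<comm>.+):(?P<pid>\d+)\]")
# One stack frame: optional "? " (unreliable guess), symbol, optional offset.
FRAME_RE = re.compile(
    r"(?P<guess>\?\s+)?(?P<sym>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?")
STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
ACCEPT_SYMS = {"accept_memory", "try_to_accept_memory"}

def classify_soft_lockups(log_text):
    """Return (all reports, reports with a reliable accept_memory frame)."""
    reports, current, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = STAMP_RE.sub("", raw).strip()
        m = LOCKUP_RE.search(line)
        if m:  # new report; frames that follow belong to it
            current = {"cpu": int(m["cpu"]), "secs": int(m["secs"]),
                       "comm": m["comm"], "frames": []}
            reports.append(current)
            in_trace = False
        elif current is not None and line == "Call Trace:":
            in_trace = True
        elif current is not None and in_trace:
            f = FRAME_RE.fullmatch(line)
            if f and not f["guess"]:  # skips "?" frames and <TASK> markers
                current["frames"].append(f["sym"])
    return reports, [r for r in reports if ACCEPT_SYMS & set(r["frames"])]

# Constructed sample: frame names follow the trace in the description above;
# timestamps, offsets, process names and "example_poll_loop" are made up.
SAMPLE_LOG = """\
[  812.104233] watchdog: BUG: soft lockup - CPU#3 stuck for 1s! [memhog:1412]
[  812.104251] Call Trace:
[  812.104260]  <TASK>
[  812.104262]  ? _raw_spin_unlock_irqrestore+0x19/0x40
[  812.104266]  accept_memory+0x14c/0x1e0
[  812.104270]  try_to_accept_memory+0x4f/0xb0
[  812.104279]  </TASK>
[  955.730011] watchdog: BUG: soft lockup - CPU#0 stuck for 23s! [kworker/0:1:77]
[  955.730020] Call Trace:
[  955.730025]  example_poll_loop+0x88/0x120
[  955.730029]  ? accept_memory+0x14c/0x1e0
"""

for r in classify_soft_lockups(SAMPLE_LOG)[1]:
    print(f"CPU#{r['cpu']} [{r['comm']}] stuck {r['secs']}s in accept_memory path")
```

Frames prefixed with "?" are addresses found on the stack that the unwinder could not confirm, so the second report is not attributed to memory acceptance even though accept_memory appears in it.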

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-05-30T15:25:07.071Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9821c4522896dcbddd74

Added to database: 5/21/2025, 9:08:49 AM

Last enriched: 6/28/2025, 3:40:56 AM

Last updated: 7/26/2025, 2:57:06 PM
