CVE-2024-40915: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context

__kernel_map_pages() is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages.

This function set/clear the valid bit using __set_memory(). __set_memory() acquires init_mm's semaphore, and this operation may sleep. This is problematic, because __kernel_map_pages() can be called in atomic context, and thus is illegal to sleep. An example warning that this causes:

    BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578
    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd
    preempt_count: 2, expected: 0
    CPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37
    Hardware name: riscv-virtio,qemu (DT)
    Call Trace:
    [<ffffffff800060dc>] dump_backtrace+0x1c/0x24
    [<ffffffff8091ef6e>] show_stack+0x2c/0x38
    [<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72
    [<ffffffff8092bb24>] dump_stack+0x14/0x1c
    [<ffffffff8003b7ac>] __might_resched+0x104/0x10e
    [<ffffffff8003b7f4>] __might_sleep+0x3e/0x62
    [<ffffffff8093276a>] down_write+0x20/0x72
    [<ffffffff8000cf00>] __set_memory+0x82/0x2fa
    [<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4
    [<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a
    [<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba
    [<ffffffff80011904>] copy_process+0x72c/0x17ec
    [<ffffffff80012ab4>] kernel_clone+0x60/0x2fe
    [<ffffffff80012f62>] kernel_thread+0x82/0xa0
    [<ffffffff8003552c>] kthreadd+0x14a/0x1be
    [<ffffffff809357de>] ret_from_fork+0xe/0x1c

Rewrite this function with apply_to_existing_page_range(). It is fine to not have any locking, because __kernel_map_pages() works with pages being allocated/deallocated and those pages are not changed by anyone else in the meantime.
AI Analysis
Technical Summary
CVE-2024-40915 is a vulnerability identified in the Linux kernel specifically affecting the RISC-V architecture implementation. The issue lies within the __kernel_map_pages() function, a debug utility designed to clear the valid bit in page table entries for deallocated pages. This mechanism helps detect illegal memory accesses to freed pages. The vulnerability arises because __kernel_map_pages() uses the __set_memory() function to set or clear the valid bit. __set_memory() acquires the init_mm semaphore, an operation that may cause the kernel to sleep. However, __kernel_map_pages() can be invoked in atomic context where sleeping is forbidden. This mismatch leads to a kernel warning or bug report indicating that a sleeping function was called from an invalid context, which can cause kernel instability or crashes. The root cause is that __set_memory()'s semaphore acquisition is incompatible with the atomic context of __kernel_map_pages(). The fix involves rewriting __kernel_map_pages() to use apply_to_existing_page_range(), which does not require locking and avoids sleeping. This is safe because the pages being manipulated are either being allocated or deallocated and are not concurrently modified by other processes. The vulnerability is specific to Linux kernel versions identified by the commit hash 5fde3db5eb028b95aeefa1ab192d36800414e8b8 and affects the RISC-V architecture. There are no known exploits in the wild, and no CVSS score has been assigned yet. The issue is primarily a stability and reliability concern rather than a direct security breach vector such as privilege escalation or information disclosure.
Potential Impact
For European organizations, the impact of CVE-2024-40915 is primarily related to system stability and reliability on Linux systems running on RISC-V architecture. While RISC-V is an emerging architecture and not yet as widely deployed as x86 or ARM in mainstream servers or desktops, it is gaining traction in embedded systems, IoT devices, and specialized computing environments. Organizations using RISC-V Linux kernels in critical infrastructure, industrial control systems, or research environments may experience kernel panics or crashes due to this vulnerability, potentially leading to denial of service conditions. This could disrupt operations, especially in environments requiring high availability or real-time processing. Although the vulnerability does not directly enable privilege escalation or data compromise, the resulting instability could be exploited indirectly by attackers to cause service outages or to facilitate other attacks that rely on system crashes. European entities involved in technology development, embedded systems manufacturing, or research institutions experimenting with RISC-V may be more exposed. The lack of known exploits reduces immediate risk, but the potential for future exploitation exists if attackers develop methods to trigger this bug deliberately.
Mitigation Recommendations
To mitigate CVE-2024-40915, European organizations should:
1) Apply the official Linux kernel patches that rewrite __kernel_map_pages() to use apply_to_existing_page_range(), thereby eliminating the illegal sleeping in atomic context.
2) Monitor kernel updates from trusted Linux distributions and vendors that incorporate this fix, especially for RISC-V kernel builds.
3) For custom or embedded Linux systems using RISC-V, ensure kernel sources are updated and rebuilt with the patch applied.
4) Implement robust kernel crash monitoring and alerting to detect any occurrences of BUG warnings related to sleeping in invalid context, enabling rapid response and troubleshooting.
5) Limit deployment of RISC-V Linux kernels to non-critical systems until patched, or implement redundancy and failover mechanisms to mitigate potential downtime.
6) Engage with hardware and software vendors to confirm their support and patch timelines for RISC-V Linux kernel vulnerabilities.
7) Conduct thorough testing of kernel updates in staging environments to verify stability before production rollout.
These steps go beyond generic advice by focusing on architecture-specific patching, monitoring for kernel stability issues, and operational controls tailored to RISC-V Linux environments.
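One way to implement the monitoring in step 4, as an added example that is not part of the advisory or the kernel project: it parses kernel log text for the warning quoted in the description and flags traces where __set_memory() is reached from __kernel_map_pages(). The names parse_splats and matches_cve_2024_40915 are hypothetical, and the sample log is constructed by abbreviating the trace above.

```python
import re

# Constructed sample: the warning from the description, abbreviated,
# followed by one unrelated kernel log line.
SAMPLE_LOG = """\
BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd
CPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37
Call Trace:
[<ffffffff8003b7f4>] __might_sleep+0x3e/0x62
[<ffffffff8093276a>] down_write+0x20/0x72
[<ffffffff8000cf00>] __set_memory+0x82/0x2fa
[<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4
[<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a
virtio_blk virtio0: [vda] 4096 512-byte logical blocks
"""

BUG_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
CTX_RE = re.compile(r"in_atomic\(\): (\d+).*?name: (\S+)")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_splats(text):
    """Return one dict per 'sleeping function' warning found in kernel log text."""
    splats, cur = [], None
    for line in text.splitlines():
        bug = BUG_RE.search(line)  # search() tolerates dmesg timestamp prefixes
        if bug:
            cur = {"where": bug.group(1), "in_atomic": None, "task": None, "frames": []}
            splats.append(cur)
            continue
        if cur is None:
            continue
        ctx, frame = CTX_RE.search(line), FRAME_RE.search(line)
        if ctx:
            cur["in_atomic"], cur["task"] = int(ctx.group(1)), ctx.group(2)
        elif frame:
            cur["frames"].append(frame.group(1))
        elif cur["frames"]:
            cur = None  # first non-frame line after the trace closes the splat
    return splats

def matches_cve_2024_40915(splat):
    """True when __set_memory() appears as a callee of __kernel_map_pages()."""
    frames = splat["frames"]
    if "__set_memory" not in frames or "__kernel_map_pages" not in frames:
        return False
    # Traces list the innermost frame first, so the callee precedes its caller.
    return frames.index("__set_memory") < frames.index("__kernel_map_pages")
```

Feeding it the output of the system's kernel log reader and alerting on any splat for which matches_cve_2024_40915 returns True separates this bug from unrelated sleeping-in-atomic warnings.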
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-12T12:17:45.581Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9827c4522896dcbe13a0
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 2:10:41 AM
Last updated: 8/8/2025, 6:53:30 PM