CVE-2024-42110: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024 [74412.581699] Call Trace: [74412.584514] <TASK> [74412.586933] dump_stack_lvl+0x55/0x70 [74412.591129] check_preemption_disabled+0xc8/0xf0 [74412.596374] netif_rx_internal+0x42/0x130 [74412.600957] __netif_rx+0x20/0xd0 [74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev] [74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport] [74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport] [74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd] [74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd] [74412.634046] irq_thread_fn+0x21/0x60 [74412.638134] ? irq_thread+0xa8/0x290 [74412.642218] irq_thread+0x1a0/0x290 [74412.646212] ? __pfx_irq_thread_fn+0x10/0x10 [74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10 [74412.656117] ? __pfx_irq_thread+0x10/0x10 [74412.660686] kthread+0x100/0x130 [74412.664384] ? __pfx_kthread+0x10/0x10 [74412.668639] ret_from_fork+0x31/0x50 [74412.672716] ? __pfx_kthread+0x10/0x10 [74412.676978] ret_from_fork_asm+0x1a/0x30 [74412.681457] </TASK> The cause is due to the idxd driver interrupt completion handler uses threaded interrupt and the threaded handler is not hard or soft interrupt context. However __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling. While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code precedes this fix should've been using netif_rx_ni() or netif_rx_any_context().
AI Analysis
Technical Summary
CVE-2024-42110 is a vulnerability identified in the Linux kernel related to the handling of network packets in the context of the Non-Transparent Bridge (NTB) network device driver (ntb_netdev) and its interaction with the Intel Data Streaming Accelerator (idxd) driver. The core issue arises from improper use of the netif_rx() function within the ntb_netdev_rx_handler() callback. Specifically, the idxd driver uses a threaded interrupt handler for DMA completion, which is not executed in hard or soft interrupt context. However, the vulnerable code calls __netif_rx(), a function that must only be invoked from interrupt context. This misuse leads to a kernel BUG triggered by the use of smp_processor_id() in preemptible code, causing system instability or crashes. The root cause is a mismatch between the interrupt context expectations of netif_rx() and __netif_rx() and the actual context in which the idxd driver's interrupt handler runs. The fix involves reverting the call from __netif_rx() back to netif_rx(), which is safe to call from any context, or using netif_rx_ni() or netif_rx_any_context() to ensure proper context handling. This vulnerability affects Linux kernel versions around 6.9.5 and involves hardware platforms such as Intel ArcherCity. While no known exploits are currently reported in the wild, the flaw can cause kernel panics or denial of service due to improper interrupt handling in network packet processing paths involving the NTB transport and idxd DMA engine drivers.
Potential Impact
For European organizations relying on Linux-based infrastructure, especially those utilizing advanced networking and data acceleration hardware such as Intel's Data Streaming Accelerator (DSA) and NTB transport mechanisms, this vulnerability poses a risk of system crashes and denial of service. This can disrupt critical services, including high-performance computing clusters, data centers, and network appliances that leverage these kernel features. The instability caused by kernel panics can lead to downtime, data loss, and degraded service availability. Given the Linux kernel's widespread use in servers, cloud environments, and embedded systems across Europe, the impact could be significant in sectors such as telecommunications, finance, research institutions, and industrial control systems. Although exploitation requires specific hardware and software configurations, the vulnerability's presence in the kernel means that any affected system running the vulnerable kernel versions is at risk. The lack of authentication or user interaction requirements means that a local process or driver could trigger the issue, potentially allowing attackers or malfunctioning software to cause denial of service conditions.
Mitigation Recommendations
To mitigate CVE-2024-42110, European organizations should: 1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available, ensuring that the ntb_netdev and idxd drivers are updated to use netif_rx() or equivalent safe calls for packet reception in threaded interrupt contexts. 2) Audit systems for the use of NTB transport and Intel DSA idxd drivers, prioritizing updates on systems where these are active. 3) Implement kernel live patching where possible to minimize downtime during patch deployment. 4) Monitor kernel logs for BUG messages related to smp_processor_id() in preemptible code or netif_rx_internal errors, which may indicate attempts to trigger this vulnerability or system instability. 5) Limit access to systems with vulnerable kernels to trusted users and processes to reduce the risk of local exploitation. 6) For critical infrastructure, consider isolating affected systems or disabling the use of the idxd driver or NTB transport if feasible until patches are applied. 7) Engage with hardware vendors and Linux distribution maintainers to ensure timely updates and guidance specific to affected hardware platforms.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-42110: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024 [74412.581699] Call Trace: [74412.584514] <TASK> [74412.586933] dump_stack_lvl+0x55/0x70 [74412.591129] check_preemption_disabled+0xc8/0xf0 [74412.596374] netif_rx_internal+0x42/0x130 [74412.600957] __netif_rx+0x20/0xd0 [74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev] [74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport] [74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport] [74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd] [74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd] [74412.634046] irq_thread_fn+0x21/0x60 [74412.638134] ? irq_thread+0xa8/0x290 [74412.642218] irq_thread+0x1a0/0x290 [74412.646212] ? __pfx_irq_thread_fn+0x10/0x10 [74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10 [74412.656117] ? __pfx_irq_thread+0x10/0x10 [74412.660686] kthread+0x100/0x130 [74412.664384] ? __pfx_kthread+0x10/0x10 [74412.668639] ret_from_fork+0x31/0x50 [74412.672716] ? __pfx_kthread+0x10/0x10 [74412.676978] ret_from_fork_asm+0x1a/0x30 [74412.681457] </TASK> The cause is due to the idxd driver interrupt completion handler uses threaded interrupt and the threaded handler is not hard or soft interrupt context. However __netif_rx() can only be called from interrupt context. Change the call to netif_rx() in order to allow completion via normal context for dmaengine drivers that utilize threaded irq handling. While the following commit changed from netif_rx() to __netif_rx(), baebdf48c360 ("net: dev: Makes sure netif_rx() can be invoked in any context."), the change should've been a noop instead. However, the code precedes this fix should've been using netif_rx_ni() or netif_rx_any_context().
AI-Powered Analysis
Technical Analysis
CVE-2024-42110 is a vulnerability identified in the Linux kernel related to the handling of network packets in the context of the Non-Transparent Bridge (NTB) network device driver (ntb_netdev) and its interaction with the Intel Data Streaming Accelerator (idxd) driver. The core issue arises from improper use of the netif_rx() function within the ntb_netdev_rx_handler() callback. Specifically, the idxd driver uses a threaded interrupt handler for DMA completion, which is not executed in hard or soft interrupt context. However, the vulnerable code calls __netif_rx(), a function that must only be invoked from interrupt context. This misuse leads to a kernel BUG triggered by the use of smp_processor_id() in preemptible code, causing system instability or crashes. The root cause is a mismatch between the interrupt context expectations of netif_rx() and __netif_rx() and the actual context in which the idxd driver's interrupt handler runs. The fix involves reverting the call from __netif_rx() back to netif_rx(), which is safe to call from any context, or using netif_rx_ni() or netif_rx_any_context() to ensure proper context handling. This vulnerability affects Linux kernel versions around 6.9.5 and involves hardware platforms such as Intel ArcherCity. While no known exploits are currently reported in the wild, the flaw can cause kernel panics or denial of service due to improper interrupt handling in network packet processing paths involving the NTB transport and idxd DMA engine drivers.
Potential Impact
For European organizations relying on Linux-based infrastructure, especially those utilizing advanced networking and data acceleration hardware such as Intel's Data Streaming Accelerator (DSA) and NTB transport mechanisms, this vulnerability poses a risk of system crashes and denial of service. This can disrupt critical services, including high-performance computing clusters, data centers, and network appliances that leverage these kernel features. The instability caused by kernel panics can lead to downtime, data loss, and degraded service availability. Given the Linux kernel's widespread use in servers, cloud environments, and embedded systems across Europe, the impact could be significant in sectors such as telecommunications, finance, research institutions, and industrial control systems. Although exploitation requires specific hardware and software configurations, the vulnerability's presence in the kernel means that any affected system running the vulnerable kernel versions is at risk. The lack of authentication or user interaction requirements means that a local process or driver could trigger the issue, potentially allowing attackers or malfunctioning software to cause denial of service conditions.
Mitigation Recommendations
To mitigate CVE-2024-42110, European organizations should: 1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available, ensuring that the ntb_netdev and idxd drivers are updated to use netif_rx() or equivalent safe calls for packet reception in threaded interrupt contexts. 2) Audit systems for the use of NTB transport and Intel DSA idxd drivers, prioritizing updates on systems where these are active. 3) Implement kernel live patching where possible to minimize downtime during patch deployment. 4) Monitor kernel logs for BUG messages related to smp_processor_id() in preemptible code or netif_rx_internal errors, which may indicate attempts to trigger this vulnerability or system instability. 5) Limit access to systems with vulnerable kernels to trusted users and processes to reduce the risk of local exploitation. 6) For critical infrastructure, consider isolating affected systems or disabling the use of the idxd driver or NTB transport if feasible until patches are applied. 7) Engage with hardware vendors and Linux distribution maintainers to ensure timely updates and guidance specific to affected hardware platforms.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-07-29T15:50:41.176Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9827c4522896dcbe1ab6
Added to database: 5/21/2025, 9:08:55 AM
Last enriched: 6/29/2025, 5:25:18 AM
Last updated: 7/29/2025, 4:33:34 AM
Views: 10
Related Threats
CVE-2025-8954: SQL Injection in PHPGurukul Hospital Management System
MediumCVE-2025-8953: SQL Injection in SourceCodester COVID 19 Testing Management System
MediumCVE-2025-54472: CWE-400 Uncontrolled Resource Consumption in Apache Software Foundation Apache bRPC
HighCVE-2025-48862: CWE-1104 Use of Unmaintained Third Party Components in Bosch Rexroth AG ctrlX OS - Setup
HighCVE-2025-48861: CWE-284 Improper Access Control in Bosch Rexroth AG ctrlX OS - Setup
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.