
CVE-2024-44975: Vulnerability in Linux Linux

High
Published: Wed Sep 04 2024 (09/04/2024, 19:54:27 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

cgroup/cpuset: fix panic caused by partcmd_update

We find a bug as below:

    BUG: unable to handle page fault for address: 00000003
    PGD 0 P4D 0
    Oops: 0000 [#1] PREEMPT SMP NOPTI
    CPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4
    RIP: 0010:partition_sched_domains_locked+0x483/0x600
    Code: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 c0 48 9
    RSP: 0018:ffffc90000fdbc58 EFLAGS: 00000202
    RAX: 0000000100000003 RBX: ffff888100b3dfa0 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000002fe80
    RBP: ffff888100b3dfb0 R08: 0000000000000001 R09: 0000000000000000
    R10: ffffc90000fdbcb0 R11: 0000000000000004 R12: 0000000000000002
    R13: ffff888100a92b48 R14: 0000000000000000 R15: 0000000000000000
    FS: 00007f44a5425740(0000) GS:ffff888237d80000(0000) knlGS:0000000000000
    CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 0000000100030973 CR3: 000000010722c000 CR4: 00000000000006e0
    Call Trace:
    <TASK>
    ? show_regs+0x8c/0xa0
    ? __die_body+0x23/0xa0
    ? __die+0x3a/0x50
    ? page_fault_oops+0x1d2/0x5c0
    ? partition_sched_domains_locked+0x483/0x600
    ? search_module_extables+0x2a/0xb0
    ? search_exception_tables+0x67/0x90
    ? kernelmode_fixup_or_oops+0x144/0x1b0
    ? __bad_area_nosemaphore+0x211/0x360
    ? up_read+0x3b/0x50
    ? bad_area_nosemaphore+0x1a/0x30
    ? exc_page_fault+0x890/0xd90
    ? __lock_acquire.constprop.0+0x24f/0x8d0
    ? __lock_acquire.constprop.0+0x24f/0x8d0
    ? asm_exc_page_fault+0x26/0x30
    ? partition_sched_domains_locked+0x483/0x600
    ? partition_sched_domains_locked+0xf0/0x600
    rebuild_sched_domains_locked+0x806/0xdc0
    update_partition_sd_lb+0x118/0x130
    cpuset_write_resmask+0xffc/0x1420
    cgroup_file_write+0xb2/0x290
    kernfs_fop_write_iter+0x194/0x290
    new_sync_write+0xeb/0x160
    vfs_write+0x16f/0x1d0
    ksys_write+0x81/0x180
    __x64_sys_write+0x21/0x30
    x64_sys_call+0x2f25/0x4630
    do_syscall_64+0x44/0xb0
    entry_SYSCALL_64_after_hwframe+0x78/0xe2
    RIP: 0033:0x7f44a553c887

It can be reproduced with commands:

    cd /sys/fs/cgroup/
    mkdir test
    cd test/
    echo +cpuset > ../cgroup.subtree_control
    echo root > cpuset.cpus.partition
    cat /sys/fs/cgroup/cpuset.cpus.effective
    0-3
    echo 0-3 > cpuset.cpus // taking away all cpus from root

This issue is caused by the incorrect rebuilding of scheduling domains. In this scenario, test/cpuset.cpus.partition should be an invalid root and should not trigger the rebuilding of scheduling domains. When calling update_parent_effective_cpumask with partcmd_update, if newmask is not null, it should recheck newmask whether there are cpus available for parent/cs that has tasks.

AI-Powered Analysis

Last updated: 06/28/2025, 23:12:16 UTC

Technical Analysis

CVE-2024-44975 is a vulnerability in the Linux kernel's cgroup cpuset subsystem that can cause a kernel panic through improper handling of CPU partition masks. The issue arises from incorrect rebuilding of scheduling domains when cpuset CPU partitions are manipulated. Specifically, when update_parent_effective_cpumask is called with the partcmd_update command and a non-null new CPU mask, the kernel fails to recheck whether that mask leaves any CPUs available for a parent or cpuset that has tasks. The cpuset is then treated as a valid partition root when it should be an invalid one, which triggers a rebuild of scheduling domains with an invalid CPU mask. The vulnerability manifests as a page fault in the kernel (in partition_sched_domains_locked in the trace above), resulting in an 'Oops' panic and system crash. The provided reproduction steps create a new cgroup, enable the cpuset controller in cgroup.subtree_control, set the child's cpuset.cpus.partition to 'root', and then write all of the root's effective CPUs (0-3) to the child's cpuset.cpus, which takes every CPU away from the root cpuset and triggers the panic. This vulnerability affects Linux kernel versions around 6.6.0-10893-g60d6 and likely other versions with similar cpuset implementations. No known exploits are reported in the wild yet. The vulnerability can cause denial of service by crashing the kernel, impacting system availability. It requires local access to manipulate cgroup cpuset controls, so exploitation is limited to local or containerized environments with sufficient privileges. However, given Linux's widespread use in servers, cloud infrastructure, and embedded devices, this vulnerability poses a risk to systems relying on cgroup CPU partitioning for resource management.

Potential Impact

For European organizations, the impact of CVE-2024-44975 primarily involves potential denial of service due to kernel panics on Linux systems using cgroup cpuset features. This can disrupt critical services, especially in data centers, cloud providers, and enterprises relying on Linux for server workloads and container orchestration (e.g., Kubernetes). Systems that use CPU partitioning for workload isolation or resource control are particularly at risk. The vulnerability could be exploited by malicious insiders or compromised containers to crash host systems or virtual machines, leading to service outages and operational disruptions. This may affect sectors such as finance, telecommunications, healthcare, and government services that depend heavily on Linux infrastructure. Additionally, embedded Linux devices used in industrial control or IoT deployments in Europe could experience reliability issues if exposed. Although no remote exploitation is indicated, the risk of local privilege escalation or container escape attempts leveraging this bug cannot be fully excluded, increasing the threat to multi-tenant cloud environments. Overall, the vulnerability threatens system availability and operational continuity in European organizations with Linux-based infrastructure.

Mitigation Recommendations

1. Apply the official Linux kernel patches that fix the cpuset scheduling domain rebuild logic as soon as they become available from trusted sources or Linux distributions.
2. Monitor Linux distribution security advisories (e.g., Debian, Ubuntu, Red Hat, SUSE) for updated kernel packages addressing CVE-2024-44975 and prioritize timely deployment.
3. Restrict access to cgroup cpuset controls to trusted administrators only, minimizing the risk of unprivileged users triggering the vulnerability.
4. In containerized environments, enforce strict container isolation and limit capabilities that allow manipulation of cpuset controls to reduce attack surface.
5. Implement kernel crash monitoring and alerting to detect and respond rapidly to any kernel panics potentially caused by this issue.
6. Consider temporarily disabling cpuset CPU partitioning features if feasible and if patching is delayed, to prevent exploitation.
7. Conduct thorough testing of kernel updates in staging environments to ensure stability before production rollout.
8. Maintain comprehensive logging of cgroup and cpuset operations to aid forensic analysis if exploitation is suspected.
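
Recommendation 5 can be made specific to this bug by matching the oops signature from the description: a kernel fault in partition_sched_domains_locked reached through cpuset_write_resmask. The following is an added example, not code from this page or from the kernel project; the function names, the timestamp prefix and the second sample report are assumptions constructed for illustration.

```python
import re

# Constructed sample: the first report reuses lines from the oops on this page
# (timestamps added); the second report is invented to show a non-match.
SAMPLE_LOG = """\
[  101.100] BUG: unable to handle page fault for address: 00000003
[  101.101] CPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6
[  101.102] RIP: 0010:partition_sched_domains_locked+0x483/0x600
[  101.103] Call Trace:
[  101.104]  ? page_fault_oops+0x1d2/0x5c0
[  101.105]  rebuild_sched_domains_locked+0x806/0xdc0
[  101.106]  update_partition_sd_lb+0x118/0x130
[  101.107]  cpuset_write_resmask+0xffc/0x1420
[  205.000] BUG: unable to handle page fault for address: 0000000000000010
[  205.001] CPU: 1 PID: 900 Comm: kworker/1:2 Not tainted 6.6.0-example
[  205.002] RIP: 0010:example_driver_irq+0x20/0x80
[  205.003] Call Trace:
[  205.004]  example_driver_work+0x11/0x40
"""

REPORT_START = re.compile(r"BUG: unable to handle page fault")
RIP = re.compile(r"RIP: [0-9a-f]{4}:(\w+)\+0x")   # kernel RIP lines carry a symbol
WHO = re.compile(r"PID: (\d+) Comm: (\S+)")
# A call-trace frame, optionally marked "? " (unreliable) by the unwinder.
FRAME = re.compile(r"^\s*(?:\? )?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+\s*$")
FAULTING_SYMBOL = "partition_sched_domains_locked"
REQUIRED_FRAMES = {"rebuild_sched_domains_locked", "cpuset_write_resmask"}

def split_reports(text):
    """Group log lines into fault reports; each starts at a 'BUG:' line."""
    reports = []
    for raw in text.splitlines():
        line = re.sub(r"^\[\s*\d+\.\d+\]\s?", "", raw)  # drop dmesg timestamp
        if REPORT_START.search(line):
            reports.append([])
        if reports:
            reports[-1].append(line)
    return reports

def find_cpuset_partition_oops(text):
    """Return pid/comm of each report matching the CVE-2024-44975 signature."""
    hits = []
    for report in split_reports(text):
        body = "\n".join(report)
        rip, who = RIP.search(body), WHO.search(body)
        frames = {m.group(1) for l in report if (m := FRAME.match(l))}
        if rip and rip.group(1) == FAULTING_SYMBOL and REQUIRED_FRAMES <= frames:
            hits.append({"pid": int(who[1]) if who else None,
                         "comm": who[2] if who else None})
    return hits
```

Feeding it the output of `dmesg` or `journalctl -k` after a crash-and-reboot (or a pstore/kdump log) gives the process that wrote to the cpuset file, which is the starting point for recommendation 8.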


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-08-21T05:34:56.669Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9826c4522896dcbe0d8d

Added to database: 5/21/2025, 9:08:54 AM

Last enriched: 6/28/2025, 11:12:16 PM

Last updated: 7/31/2025, 12:42:30 PM
