CVE-2024-44981: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()

UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android:

| Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP
| Modules linked in:
| CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-00006-g3cbe9e5abd46-dirty #4
| Hardware name: linux,dummy-virt (DT)
| pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : cancel_delayed_work+0x34/0x44
| lr : cancel_delayed_work+0x2c/0x44
| sp : ffff80008002ba60
| x29: ffff80008002ba60 x28: 0000000000000000 x27: 0000000000000000
| x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
| x23: 0000000000000000 x22: 0000000000000000 x21: ffff1f65014cd3c0
| x20: ffffc0e84c9d0da0 x19: ffffc0e84cab3558 x18: ffff800080009058
| x17: 00000000247ee1f8 x16: 00000000247ee1f8 x15: 00000000bdcb279d
| x14: 0000000000000001 x13: 0000000000000075 x12: 00000a0000000000
| x11: ffff1f6501499018 x10: 00984901651fffff x9 : ffff5e7cc35af000
| x8 : 0000000000000001 x7 : 3d4d455453595342 x6 : 000000004e514553
| x5 : ffff1f6501499265 x4 : ffff1f650ff60b10 x3 : 0000000000000620
| x2 : ffff80008002ba78 x1 : 0000000000000000 x0 : 0000000000000000
| Call trace:
| cancel_delayed_work+0x34/0x44
| deferred_probe_extend_timeout+0x20/0x70
| driver_register+0xa8/0x110
| __platform_driver_register+0x28/0x3c
| syscon_init+0x24/0x38
| do_one_initcall+0xe4/0x338
| do_initcall_level+0xac/0x178
| do_initcalls+0x5c/0xa0
| do_basic_setup+0x20/0x30
| kernel_init_freeable+0x8c/0xf8
| kernel_init+0x28/0x1b4
| ret_from_fork+0x10/0x20
| Code: f9000fbf 97fffa2f 39400268 37100048 (d42aa2a0)
| ---[ end trace 0000000000000000 ]---
| Kernel panic - not syncing: UBSAN: integer subtraction overflow: Fatal exception

This is due to shift_and_mask() using a signed immediate to construct the mask and being called with a shift of 31 (WORK_OFFQ_POOL_SHIFT) so that it ends up decrementing from INT_MIN.

Use an unsigned constant '1U' to generate the mask in shift_and_mask().
AI Analysis
Technical Summary
CVE-2024-44981 is a vulnerability identified in the Linux kernel's workqueue subsystem, specifically related to the function shift_and_mask(). The issue arises from the use of a signed immediate value in constructing a bitmask, which leads to an integer subtraction overflow when the function is called with a shift value of 31 (defined as WORK_OFFQ_POOL_SHIFT). This causes the calculation to decrement from INT_MIN, triggering an undefined behavior sanitizer (UBSAN) error during kernel boot, particularly observable in virtual machine environments on Android. The error manifests as a kernel panic with a message indicating an integer subtraction overflow, effectively halting the system. The root cause is the use of a signed constant in bitmask generation; the fix involves changing this to an unsigned constant ('1U') to prevent the overflow. This vulnerability affects Linux kernel versions prior to the patch and is triggered during early kernel initialization, impacting the stability and availability of systems running vulnerable kernel versions. Although no known exploits are reported in the wild, the vulnerability can cause denial of service due to kernel panic, especially in virtualized environments or Android devices using affected kernels. The vulnerability does not require user interaction or authentication to trigger, as it occurs during system boot. The affected versions are identified by specific commit hashes, indicating the issue is present in certain recent kernel builds before the fix was applied.
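The signed-versus-unsigned mask construction described above, as an added example (not the kernel's source and not code from this page). The helper names, the parameter name bits and the sample word are assumptions; the signed form is modelled with an overflow-checked subtraction (a GCC/Clang builtin) so the example itself executes no undefined behaviour.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define INT_WIDTH_BITS ((unsigned)(sizeof(int) * CHAR_BIT)) /* 32 on Linux targets */

/* Model of the pre-fix mask, (1 << bits) - 1, in signed int. The value of
 * (1 << bits) is produced without executing undefined behaviour; the "- 1"
 * goes through an overflow-checked subtraction, the condition UBSAN reports.
 * Returns true on overflow; *mask then holds the wrapped result. */
static bool signed_mask_overflows(unsigned bits, int *mask)
{
    int base = (bits == INT_WIDTH_BITS - 1) ? INT_MIN : (int)(1U << bits);
    return __builtin_sub_overflow(base, 1, mask);
}

/* Post-fix mask: unsigned arithmetic is defined for every bits < 32. */
static uint32_t unsigned_mask(unsigned bits)
{
    return (1U << bits) - 1;
}

/* Field extraction with the unsigned mask (hypothetical helper name). */
static uint64_t extract_field(uint64_t v, unsigned shift, unsigned bits)
{
    return (v >> shift) & unsigned_mask(bits);
}

/* Smallest width whose signed mask overflows, or -1 if none. */
static int first_overflowing_width(void)
{
    int mask;
    for (unsigned bits = 0; bits < INT_WIDTH_BITS; bits++)
        if (signed_mask_overflows(bits, &mask))
            return (int)bits;
    return -1;
}

int main(void)
{
    /* Constructed sample: a 31-bit field stored above 4 low flag bits. */
    uint64_t word = ((uint64_t)0x12345678 << 4) | 0x5;
    printf("first overflowing width: %d\n", first_overflowing_width());
    printf("unsigned_mask(31) = 0x%08x\n", unsigned_mask(31));
    printf("field = 0x%llx\n", (unsigned long long)extract_field(word, 4, 31));
    return 0;
}
```

Only width 31 overflows in the signed form, which is why the error appears solely for the 31-bit case named in the description while narrower fields are unaffected.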
Potential Impact
For European organizations, the primary impact of CVE-2024-44981 is on system availability and reliability. Since the vulnerability causes kernel panics during boot, affected systems may fail to start or become unstable, leading to potential downtime. This is particularly critical for organizations relying on Linux-based virtual machines, embedded systems, or Android devices using the affected kernel versions. Industries such as telecommunications, cloud service providers, automotive, and critical infrastructure that deploy Linux kernels in virtualized or embedded environments could experience operational disruptions. The inability to boot or maintain stable operation can lead to service outages, impacting business continuity and potentially causing financial losses. Additionally, while no direct confidentiality or integrity breaches are indicated, the denial of service aspect could be exploited in targeted attacks to disrupt services. European organizations with large-scale Linux deployments, especially those using custom or older kernel versions, may face challenges in patch management and system updates to mitigate this issue promptly.
Mitigation Recommendations
To mitigate CVE-2024-44981, European organizations should prioritize updating their Linux kernels to versions that include the fix changing the bitmask construction from a signed to an unsigned constant. This involves applying the latest stable kernel patches or vendor-provided updates that address this specific issue. For organizations using Android devices or virtual machines, ensuring that the underlying kernel is updated is critical. Additionally, system administrators should audit their environments to identify systems running vulnerable kernel versions, particularly focusing on virtualized platforms and embedded devices. Implementing robust testing procedures for kernel updates in staging environments can prevent unexpected downtime. Where immediate patching is not feasible, organizations might consider restricting deployment of affected kernel versions in production or using kernel boot parameters to disable affected workqueue features if possible, though this may reduce functionality. Monitoring system logs for UBSAN errors or kernel panics related to workqueue operations can help detect attempts to trigger this vulnerability. Finally, maintaining an inventory of Linux kernel versions across infrastructure and automating patch management will reduce exposure to such vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-08-21T05:34:56.670Z
- CISA Enriched: true
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9826c4522896dcbe0dca
Added to database: 5/21/2025, 9:08:54 AM
Last enriched: 6/28/2025, 11:25:14 PM
Last updated: 8/13/2025, 2:57:07 PM