CVE-2024-47696: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq.

But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM.

Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock.

The call trace is as below:

[ 125.350876][ T1430] Call Trace:
[ 125.356281][ T1430] <TASK>
[ 125.361285][ T1430] ? __warn (kernel/panic.c:693)
[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219)
[ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239)
[ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))
[ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621)
[ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)
[ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151)
[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm
[ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910)
[ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)
[ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161)
[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm
[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma
[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma
[ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231)
[ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393)
[ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339)
[ 125.531837][ T1430] kthread (kernel/kthread.c:389)
[ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147)
[ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342)
[ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257)
[ 125.566487][ T1430] </TASK>
[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
AI Analysis
Technical Summary
CVE-2024-47696 is a vulnerability in the Linux kernel related to the RDMA (Remote Direct Memory Access) subsystem, specifically within the iwcm (InfiniBand communication manager) component. The issue arises from improper handling of workqueues during the destruction of communication manager IDs (CM IDs).

The vulnerability is triggered when the kernel function flush_workqueue is called on a workqueue (iwcm_wq) that was created without the WQ_MEM_RECLAIM flag, using alloc_ordered_workqueue. This flag is critical because it allows the workqueue to reclaim memory under certain conditions, preventing deadlocks during memory reclaim operations. Without this flag, if the current process is attempting to flush the entire iwcm_wq while either reclaiming memory or running on a workqueue lacking WQ_MEM_RECLAIM, it can violate the forward-progress guarantee of the kernel's workqueue subsystem, leading to a deadlock.

The kernel logs and call trace provided indicate that this deadlock manifests as a WARNING triggered by check_flush_dependency in kernel/workqueue.c, followed by a kernel panic or bug report. The root cause is a use-after-free condition related to destroying CM IDs, which was addressed in commit aee2424246f9. This vulnerability affects multiple Linux kernel versions identified by specific commit hashes.

Although no public exploits are known at this time, the flaw could cause system instability or denial of service (DoS) on affected systems using RDMA over InfiniBand, particularly in environments relying on NVMe over RDMA. The vulnerability does not appear to allow privilege escalation or arbitrary code execution but can cause kernel deadlocks and crashes, impacting system availability.
Potential Impact
For European organizations, especially those operating data centers, HPC clusters, or storage infrastructures utilizing RDMA technologies (such as InfiniBand and NVMe over RDMA), this vulnerability poses a significant risk to system availability. The deadlock can cause kernel panics or system hangs, leading to unplanned downtime and potential data access interruptions. Industries such as finance, telecommunications, research institutions, and cloud service providers in Europe that rely on high-performance networking and storage solutions may experience operational disruptions. While confidentiality and integrity are not directly impacted, the availability impact can affect business continuity and service level agreements. Additionally, recovery from such deadlocks may require system reboots, which can be costly and disruptive. The lack of known exploits reduces immediate risk, but the complexity of the issue and its presence in the Linux kernel necessitate prompt attention to avoid potential future exploitation or accidental triggering in production environments.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address this vulnerability as soon as they become available from trusted sources or Linux distribution vendors.
2. Monitor kernel updates from your Linux distribution and prioritize upgrading kernels to versions including the fix (commit aee2424246f9 or later).
3. If immediate patching is not feasible, consider disabling or limiting the use of RDMA/iwcm features, especially in non-critical environments, to reduce exposure.
4. Implement robust monitoring for kernel warnings and errors related to workqueues and RDMA components to detect early signs of deadlocks or instability.
5. Test kernel updates in staging environments that replicate production RDMA workloads to ensure stability before deployment.
6. Coordinate with hardware vendors and RDMA solution providers to confirm compatibility and support for patched kernels.
7. Review and audit RDMA usage policies and configurations to minimize unnecessary use of workqueues that lack WQ_MEM_RECLAIM flags.
8. Maintain comprehensive backups and disaster recovery plans to mitigate the impact of potential system crashes caused by this vulnerability.
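A log check for the monitoring recommendation above (item 4), keyed on the call trace in the description: it flags any trace in which check_flush_dependency appears together with an iw_cm frame and lists the reliable callers that led to the flush. This is an added example, not code from the advisory or the kernel project; the function names parse_traces and find_iwcm_flush_warnings are hypothetical, the sample lines are copied from the trace on this page, and support for raw "symbol+0x.. [module]" frames is an assumption about undecoded dmesg output.

```python
import re

# Constructed sample: frames copied (trimmed) from the call trace on this page.
SAMPLE = """\
[ 125.350876][ T1430] Call Trace:
[ 125.356281][ T1430] <TASK>
[ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9))
[ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970)
[ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm
[ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm
[ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma
[ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma
[ 125.566487][ T1430] </TASK>
[ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
"""

LINE = re.compile(r"^\[\s*\d+\.\d+\]\[\s*(?P<task>\w+)\]\s+(?P<body>.*)$")
# Frame: optional "? " (unreliable), symbol, optional raw "+0x../0x.." offset.
FRAME = re.compile(r"^(?P<q>\?\s+)?(?P<func>[A-Za-z_][\w.]*)(?:\+0x[0-9a-f]+/0x[0-9a-f]+)?\s*(?P<rest>.*)$")
# Module name: bare after the decoded "(file:line)" or bracketed in raw dmesg.
MODULE = re.compile(r"(?:\)\s+|\[)(\w+)\]?\s*$")

def parse_traces(log_text):
    """Group frames per task between 'Call Trace:' and '---[ end trace'."""
    done, open_ = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        task, body = m["task"], m["body"]
        if body.startswith("Call Trace:"):
            open_[task] = []
        elif task in open_ and body.startswith("---[ end trace"):
            done.append((task, open_.pop(task)))
        elif task in open_ and not body.startswith("<"):
            f = FRAME.match(body)
            if f:
                mod = MODULE.search(f["rest"])
                open_[task].append((f["func"], not f["q"], mod.group(1) if mod else None))
    return done + list(open_.items())  # include traces cut off before the end marker

def find_iwcm_flush_warnings(log_text):
    """Flag traces where check_flush_dependency fires with an iw_cm frame present."""
    hits = []
    for task, frames in parse_traces(log_text):
        funcs = {fn for fn, _, _ in frames}
        mods = {mod for _, _, mod in frames}
        if "check_flush_dependency" in funcs and ("iw_cm" in mods or "destroy_cm_id" in funcs):
            hits.append({"task": task, "callers": [fn for fn, ok, _ in frames if ok]})
    return hits
```

The callers list names the work item that initiated the flush (here the nvme_rdma controller reset path), which tells an operator which workload to correlate with the warning.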
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Switzerland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-09-30T16:00:12.942Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe051f
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 7:40:56 PM
Last updated: 8/8/2025, 10:41:01 PM