CVE-2024-47735: Vulnerability in Linux

Severity: High
Published: Mon Oct 21 2024 (10/21/2024, 12:14:05 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled

Fix misuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was held.

This was discovered through the lock debugging, and the corresponding log is as follows:

    raw_local_irq_restore() called with IRQs enabled
    WARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40
    ...
    Call trace:
     warn_bogus_irq_restore+0x30/0x40
     _raw_spin_unlock_irqrestore+0x84/0xc8
     add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2]
     hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2]
     hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2]
     create_qp+0x138/0x258
     ib_create_qp_kernel+0x50/0xe8
     create_mad_qp+0xa8/0x128
     ib_mad_port_open+0x218/0x448
     ib_mad_init_device+0x70/0x1f8
     add_client_context+0xfc/0x220
     enable_device_and_get+0xd0/0x140
     ib_register_device.part.0+0xf4/0x1c8
     ib_register_device+0x34/0x50
     hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2]
     hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2]
     __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2]
     hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2]

AI-Powered Analysis

Last updated: 06/28/2025, 20:11:37 UTC

Technical Analysis

CVE-2024-47735 is a vulnerability in the Linux kernel's RDMA (Remote Direct Memory Access) subsystem, specifically in the hns_roce_hw_v2 driver module. The issue stems from improper use of the interrupt-aware spinlock APIs: spin_lock_irq()/spin_unlock_irq() were used while a lock taken with spin_lock_irqsave() was still held. Because spin_unlock_irq() enables IRQs (interrupt requests) unconditionally, the later spin_unlock_irqrestore() ran with IRQs already enabled, which violates kernel locking semantics. The nested section should have used spin_lock_irqsave()/spin_unlock_irqrestore() instead.

The incorrect locking was detected through the kernel's lock debugging mechanisms, which generated warnings such as "raw_local_irq_restore() called with IRQs enabled". The call trace shows the problem occurring during queue pair (QP) creation and device registration routines within the hns_roce driver, which handles RDMA hardware from Huawei (HiSilicon). Improper interrupt flag restoration can lead to race conditions, deadlocks, or kernel instability.

No known exploits are currently reported in the wild. The vulnerability affects Linux kernel versions containing the faulty code identified by the commit hash 9a4435375cd151e07c0c38fa601b00115986091b. It was publicly disclosed on October 21, 2024, and a patch has been applied in the kernel source to correct the locking calls and prevent IRQ mismanagement. No CVSS score has been assigned yet, but the technical details indicate a kernel-level concurrency bug in a critical subsystem used for high-performance networking and storage operations.
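The nesting described above, as a user-space C model added here (it is not kernel or driver code, and not the upstream patch). The model_* helpers and both nested_* functions are hypothetical names that mimic, for a single CPU, the IRQ-flag behaviour of the spin_lock_irq() and spin_lock_irqsave() families.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model of one CPU's interrupt-enable flag; not kernel code. */
static bool irqs_enabled = true;
static int bogus_restores; /* restores that ran with IRQs already enabled */
static void model_irq_save(unsigned long *flags)
{
    *flags = irqs_enabled; /* remember the state the caller had */
    irqs_enabled = false;
}
static void model_irq_restore(unsigned long flags)
{
    if (irqs_enabled) /* the condition the lock-debugging warning reports */
        bogus_restores++;
    irqs_enabled = flags != 0;
}
static void model_lock_irq(void) { irqs_enabled = false; }  /* ignores prior state */
static void model_unlock_irq(void) { irqs_enabled = true; } /* always re-enables */

/* _irq pair inside an irqsave section; true if IRQs came back on too early. */
static bool nested_irq_variant(void)
{
    unsigned long outer;
    model_irq_save(&outer);   /* outer spin_lock_irqsave() */
    model_lock_irq();         /* inner spin_lock_irq() */
    model_unlock_irq();       /* inner spin_unlock_irq() forces IRQs on */
    bool leaked = irqs_enabled;
    model_irq_restore(outer); /* outer spin_unlock_irqrestore() */
    return leaked;
}

/* Nesting-safe form (assumed shape): inner section restores what it found. */
static bool nested_irqsave_variant(void)
{
    unsigned long outer, inner;
    model_irq_save(&outer);
    model_irq_save(&inner);
    model_irq_restore(inner); /* puts back "disabled", not "enabled" */
    bool leaked = irqs_enabled;
    model_irq_restore(outer);
    return leaked;
}

int main(void)
{
    bool a = nested_irq_variant(), b = nested_irqsave_variant();
    printf("_irq leaked=%d, irqsave leaked=%d, warnings=%d\n", a, b, bogus_restores);
    return 0;
}
```

In the first variant the window between the inner unlock and the outer restore is where an interrupt handler could run while the outer lock is still held.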

Potential Impact

For European organizations, the impact of CVE-2024-47735 could be significant in environments relying on Linux servers with RDMA capabilities, particularly those using Huawei HiSilicon RDMA hardware or similar RDMA implementations. RDMA is commonly used in data centers, high-performance computing clusters, and enterprise storage networks to achieve low-latency and high-throughput communication. A kernel locking bug that mishandles interrupt flags can cause system instability, kernel panics, or deadlocks, potentially leading to denial of service (DoS) conditions. This can disrupt critical services, especially in sectors such as finance, telecommunications, research institutions, and cloud service providers that depend on stable and performant Linux infrastructure. Although no direct exploitation is known, the vulnerability could be leveraged by local attackers or malicious insiders with kernel-level access to cause system crashes or to escalate privileges by exploiting race conditions. The confidentiality and integrity impact is limited unless combined with other vulnerabilities, but availability impact is moderate to high due to potential system instability. European organizations with RDMA-enabled Linux systems should prioritize patching to maintain operational continuity.

Mitigation Recommendations

1. Immediate application of the official Linux kernel patch that corrects the misuse of spin_lock_irq()/spin_unlock_irq() calls in the hns_roce_hw_v2 driver is essential. Monitor Linux kernel mailing lists and vendor advisories for updated stable kernel releases containing this fix.
2. For organizations using custom or long-term support kernels, backport the patch carefully to avoid regressions.
3. Conduct thorough testing in staging environments to verify that the patch resolves the IRQ handling issue without introducing new stability problems.
4. Restrict kernel module loading and ensure only trusted drivers are installed to reduce risk exposure.
5. Monitor kernel logs for warnings related to IRQ flag restoration or spinlock misuse, which could indicate attempts to trigger this vulnerability or related kernel bugs.
6. Implement strict access controls to limit local user privileges, as exploitation requires kernel-level code execution or local access.
7. Maintain up-to-date backups and disaster recovery plans to mitigate potential downtime caused by kernel instability.
8. Engage with hardware vendors to confirm compatibility and support for patched kernel versions, especially for RDMA hardware from Huawei or other suppliers using the hns_roce driver.

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-09-30T16:00:12.958Z
CISA Enriched: true
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe0650

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 8:11:37 PM

Last updated: 8/1/2025, 12:44:54 AM
