CVE-2024-49569: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:
nvme-rdma: unquiesce admin_q before destroy it
Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace:

    PID: 23644  TASK: ff2d52b40f439fc0  CPU: 2  COMMAND: "nvme"
     #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15
     #1 [ff61d23de260fc08] schedule at ffffffff8323c014
     #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1
     #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a
     #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006
     #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce
     #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced
     #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b
     #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362
     #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25
        RIP: 00007fda7891d574  RSP: 00007ffe2ef06958  RFLAGS: 00000202
        RAX: ffffffffffffffda  RBX: 000055e8122a4d90  RCX: 00007fda7891d574
        RDX: 000000000000012b  RSI: 000055e8122a4d90  RDI: 0000000000000004
        RBP: 00007ffe2ef079c0   R8: 000000000000012b   R9: 000055e8122a4d90
        R10: 0000000000000000  R11: 0000000000000202  R12: 0000000000000004
        R13: 000055e8122923c0  R14: 000000000000012b  R15: 00007fda78a54500
        ORIG_RAX: 0000000000000001  CS: 0033  SS: 002b

This due to we have quiesced admin_q before cancel requests, but forgot to unquiesce before destroy it, as a result we fail to drain the pending requests, and hang on blk_mq_freeze_queue_wait() forever.
Here try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and simplify the code.
AI Analysis
Technical Summary
CVE-2024-49569 is a vulnerability identified in the Linux kernel's NVMe over RDMA (Remote Direct Memory Access) subsystem, specifically within the handling of the admin queue (admin_q) lifecycle. The issue arises during the destruction of the admin queue when a controller creation fails.
The kernel code quiesces (pauses) the admin queue before canceling outstanding requests but fails to unquiesce (resume) it before destroying the queue. This omission leads to a deadlock condition where the kernel hangs indefinitely in the blk_mq_freeze_queue_wait() function, which waits for the queue to drain pending requests. The root cause is that the pending requests cannot be drained because the queue remains quiesced, causing the system to stall.
The vulnerability is triggered during nvme_rdma_destroy_admin_queue() and nvme_rdma_create_ctrl() operations, which are part of the NVMe RDMA driver stack. The kernel call trace provided shows the hang occurring in the scheduling and block multi-queue freeze functions, indicating a system-level freeze rather than a crash or memory corruption. The fix involves reusing the teardown logic to properly unquiesce the admin queue before destruction, ensuring pending requests are drained and preventing the hang.
This vulnerability affects specific Linux kernel versions identified by commit hashes, indicating it is present in certain recent or development kernel builds. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability primarily impacts systems using NVMe over RDMA, which is common in high-performance computing, data centers, and enterprise storage environments where low-latency, high-throughput storage access is critical.
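The quiesce/freeze interaction described above can be reproduced in a small userspace model. This is an added example, not kernel code and not the upstream patch: the `toy_*` names and the bounded wait are assumptions made so the hang can be observed as a return value instead of blocking forever.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy userspace model of a blk-mq queue; hypothetical, NOT kernel code. */
struct toy_queue {
    bool quiesced;   /* dispatch to the driver is paused */
    int  in_flight;  /* requests still holding a queue usage reference */
};

static void toy_quiesce(struct toy_queue *q)   { q->quiesced = true; }
static void toy_unquiesce(struct toy_queue *q) { q->quiesced = false; }

/* One dispatch pass: a quiesced queue hands nothing to the driver, so no
 * request can complete (or be failed) and drop its reference. */
static void toy_run_queue(struct toy_queue *q)
{
    if (!q->quiesced && q->in_flight > 0)
        q->in_flight--;
}

/* Stand-in for blk_mq_freeze_queue_wait(). The kernel waits with no
 * timeout; the model stops after max_passes so it can report the hang. */
static bool toy_freeze_wait(struct toy_queue *q, int max_passes)
{
    for (int i = 0; i < max_passes && q->in_flight > 0; i++)
        toy_run_queue(q);
    return q->in_flight == 0;   /* false == would hang forever */
}

/* Error path before the fix: quiesce, then destroy with no unquiesce. */
bool destroy_buggy(int pending)
{
    struct toy_queue q = { .quiesced = false, .in_flight = pending };
    toy_quiesce(&q);
    return toy_freeze_wait(&q, 1000);
}

/* Error path after the fix: unquiesce before the queue is destroyed. */
bool destroy_fixed(int pending)
{
    struct toy_queue q = { .quiesced = false, .in_flight = pending };
    toy_quiesce(&q);
    toy_unquiesce(&q);
    return toy_freeze_wait(&q, 1000);
}

int main(void)
{
    printf("buggy drains: %d, fixed drains: %d\n",
           destroy_buggy(3), destroy_fixed(3));
}
```

With no pending requests the buggy ordering also drains, which matches the description: the hang needs requests left on the quiesced admin queue when controller creation fails.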
Potential Impact
For European organizations, the impact of CVE-2024-49569 can be significant in environments relying on Linux servers with NVMe over RDMA storage configurations. Such setups are prevalent in data centers, cloud service providers, research institutions, and enterprises with high-performance storage needs. The kernel hang caused by this vulnerability leads to denial of service (DoS) conditions, where affected systems become unresponsive, potentially disrupting critical applications and services. This can result in operational downtime, data processing delays, and increased recovery costs.
While the vulnerability does not appear to allow privilege escalation or data corruption directly, the availability impact alone can affect business continuity, especially for sectors like finance, telecommunications, healthcare, and manufacturing that depend on reliable storage infrastructure. Additionally, the hang could complicate automated orchestration and failover mechanisms, increasing the risk of cascading failures in clustered or virtualized environments.
Since no authentication or user interaction is required to trigger the hang (it occurs during controller creation failure), the attack surface includes any process or component that interacts with the NVMe RDMA driver, potentially including remote management interfaces if exposed. However, exploitation requires specific hardware and software configurations, limiting the scope to organizations using NVMe over RDMA on Linux kernels with the vulnerable versions.
Mitigation Recommendations
To mitigate CVE-2024-49569, European organizations should:
1) Apply the latest Linux kernel patches that address this vulnerability as soon as they become available, ensuring the NVMe RDMA driver properly unquiesces the admin queue before destruction.
2) Audit and inventory systems using NVMe over RDMA to identify those running affected kernel versions, prioritizing patch deployment on critical infrastructure.
3) Implement monitoring for kernel hangs or unresponsive NVMe devices to detect potential exploitation or system instability early.
4) Where possible, limit exposure of NVMe RDMA interfaces to trusted networks and restrict access to management interfaces that could trigger controller creation or destruction.
5) Consider fallback or redundancy mechanisms for storage access to minimize downtime impact if a hang occurs.
6) Engage with hardware and software vendors to confirm compatibility and support for patched kernels and updated NVMe RDMA drivers.
7) Test patches in staging environments to ensure stability and performance are maintained post-update.
These steps go beyond generic advice by focusing on the specific NVMe RDMA subsystem, emphasizing inventory, monitoring, and controlled exposure to reduce risk.
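For the monitoring step (3), one way to recognise this specific hang is to match hung-task reports against the frames in the call trace from the description. This is an added example, not code from the kernel or from this advisory: it assumes the kernel's hung-task detector is enabled and its reports reach the log, and the function name, report marker handling and sample log are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Frames taken from the call trace in the CVE description. */
static const char *const SIG[] = { "blk_mq_freeze_queue_wait",
    "nvme_rdma_destroy_admin_queue", "nvme_rdma_setup_ctrl" };
#define REPORT_MARK "blocked for more than"   /* hung-task report header */

/* Bounded substring search inside s[0..len). */
static bool span_has(const char *s, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= len && i <= len - n; i++)
        if (memcmp(s + i, needle, n) == 0)
            return true;
    return false;
}

/* True when a single hung-task report contains every signature frame.
 * A report runs from one REPORT_MARK to the next (or to end of log), so
 * frames spread over unrelated reports do not add up to a match. */
bool matches_admin_q_hang(const char *log)
{
    for (const char *r = strstr(log, REPORT_MARK); r; ) {
        const char *next = strstr(r + 1, REPORT_MARK);
        size_t len = next ? (size_t)(next - r) : strlen(r);
        bool all = true;
        for (size_t i = 0; i < sizeof(SIG) / sizeof(SIG[0]); i++)
            all = all && span_has(r, len, SIG[i]);
        if (all)
            return true;
        r = next;
    }
    return false;
}

/* Constructed sample in hung-task report style; not a real capture. */
static const char SAMPLE[] =
    "INFO: task nvme:23644 blocked for more than 120 seconds.\n"
    "Call Trace:\n"
    " __schedule+0x0/0x0\n"
    " blk_mq_freeze_queue_wait+0x0/0x0\n"
    " blk_cleanup_queue+0x0/0x0\n"
    " nvme_rdma_destroy_admin_queue+0x0/0x0\n"
    " nvme_rdma_setup_ctrl+0x0/0x0\n";

int main(void)
{
    printf("match: %d\n", matches_admin_q_hang(SAMPLE));
}
```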
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-01-09T09:50:31.772Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdce98
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/27/2025, 9:40:32 PM
Last updated: 8/7/2025, 5:06:29 AM