CVE-2024-50138: Vulnerability in Linux Linux

Medium
Published: Tue Nov 05 2024 (11/05/2024, 17:11:01 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Use raw_spinlock_t in ringbuf

The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is illustrated in the example below:

    BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
    in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs
    preempt_count: 1, expected: 0
    RCU nest depth: 1, expected: 1
    INFO: lockdep is turned off.
    Preemption disabled at:
    [<ffffd33a5c88ea44>] migrate_enable+0xc0/0x39c
    CPU: 7 PID: 556208 Comm: test_progs Tainted: G
    Hardware name: Qualcomm SA8775P Ride (DT)
    Call trace:
     dump_backtrace+0xac/0x130
     show_stack+0x1c/0x30
     dump_stack_lvl+0xac/0xe8
     dump_stack+0x18/0x30
     __might_resched+0x3bc/0x4fc
     rt_spin_lock+0x8c/0x1a4
     __bpf_ringbuf_reserve+0xc4/0x254
     bpf_ringbuf_reserve_dynptr+0x5c/0xdc
     bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238
     trace_call_bpf+0x238/0x774
     perf_call_bpf_enter.isra.0+0x104/0x194
     perf_syscall_enter+0x2f8/0x510
     trace_sys_enter+0x39c/0x564
     syscall_trace_enter+0x220/0x3c0
     do_el0_svc+0x138/0x1dc
     el0_svc+0x54/0x130
     el0t_64_sync_handler+0x134/0x150
     el0t_64_sync+0x17c/0x180

Switch the spinlock to raw_spinlock_t to avoid this error.

AI-Powered Analysis

Last updated: 06/28/2025, 17:40:35 UTC

Technical Analysis

CVE-2024-50138 is a locking bug in the Berkeley Packet Filter (BPF) ring buffer implementation of the Linux kernel. The function __bpf_ringbuf_reserve is called from tracepoint context, where preemption is disabled, yet it takes a lock of the standard spinlock_t type. In the real-time (RT) variant of the kernel, spinlock_t is a sleeping lock (the rt_spin_lock frame in the trace, reported from kernel/locking/spinlock_rt.c), and sleeping is not allowed while preemption is disabled. The result is a "sleep in atomic" warning and a potentially destabilized system.

The kernel log in the description shows the BUG raised when a sleeping function is called from an invalid atomic context, and the call trace places the problem in BPF ring buffer reservation. The recommended fix is to replace spinlock_t with raw_spinlock_t in this code, because raw_spinlock_t does not sleep and is safe to take when preemption is disabled.

This vulnerability affects Linux kernel versions identified by the commit hashes provided and was published on November 5, 2024. No known exploits are reported in the wild at this time, and no CVSS score has been assigned yet.

Potential Impact

For European organizations, this vulnerability primarily affects systems running Linux kernels with real-time capabilities or those utilizing BPF extensively, such as in performance monitoring, security tracing, or network packet filtering. The improper locking can cause kernel warnings and potentially lead to system instability or crashes in environments where real-time guarantees are critical, such as telecommunications, industrial control systems, or financial trading platforms. While it does not directly allow privilege escalation or remote code execution, the resulting instability could cause denial of service conditions or disrupt critical services. Organizations relying on Linux-based infrastructure for critical operations may experience degraded reliability or unexpected downtime if this vulnerability is triggered. The impact is more pronounced in environments using the RT kernel variant or heavy BPF usage, which are common in advanced monitoring and security tooling.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should prioritize updating their Linux kernels to versions where this issue is patched, specifically those that replace spinlock_t with raw_spinlock_t in the BPF ring buffer code. Kernel updates should be tested and deployed promptly, especially in real-time or performance-sensitive environments. Additionally, organizations should audit their use of BPF programs and tracepoints to identify any that might invoke __bpf_ringbuf_reserve and assess the risk of triggering this bug. For systems where immediate kernel updates are not feasible, consider disabling or limiting BPF tracepoints or features that rely on the affected ring buffer code to reduce exposure. Monitoring kernel logs for "sleep in atomic" warnings can help detect attempts to trigger this issue. Finally, ensure that system and kernel debugging tools are configured to capture detailed traces to facilitate rapid diagnosis if instability occurs.
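The log monitoring suggested above can be narrowed to this specific bug by checking the call trace, not just the BUG line. The following is an added example, not code from the advisory or the kernel project; the function names parse_splats, is_ringbuf_splat and triage are hypothetical, and the sample log is the trace from the description (abridged) plus constructed timestamps and a constructed unrelated splat.

```python
import re

# Sample input: the first splat is the trace quoted in the CVE description (frames
# abridged); the dmesg timestamps and the second, unrelated splat are constructed.
SAMPLE_LOG = """\
[ 812.101] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[ 812.101] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs
[ 812.102] Call trace:
[ 812.102]  __might_resched+0x3bc/0x4fc
[ 812.102]  rt_spin_lock+0x8c/0x1a4
[ 812.102]  __bpf_ringbuf_reserve+0xc4/0x254
[ 812.102]  bpf_ringbuf_reserve_dynptr+0x5c/0xdc
[ 812.102]  trace_call_bpf+0x238/0x774
[ 900.500] BUG: sleeping function called from invalid context at mm/example.c:10
[ 900.500] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 42, name: demo
[ 900.501] Call trace:
[ 900.501]  __might_resched+0x3bc/0x4fc
[ 900.501]  example_alloc+0x10/0x80
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp, if present
BUG = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
TASK = re.compile(r"pid: (\d+), name: (\S+)")
# Reliable frames only: lines starting with "? " or "[<addr>]" do not match.
FRAME = re.compile(r"^\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_splats(text):
    """Split kernel log text into one record per 'sleeping function' splat."""
    splats = []
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := BUG.search(line):
            splats.append({"site": m.group(1), "pid": None, "comm": None, "frames": []})
        elif splats:
            if m := TASK.search(line):
                splats[-1]["pid"], splats[-1]["comm"] = int(m.group(1)), m.group(2)
            elif m := FRAME.match(line):
                splats[-1]["frames"].append(m.group(1))
    return splats

def is_ringbuf_splat(splat):
    """True when rt_spin_lock was entered directly from __bpf_ringbuf_reserve."""
    f = splat["frames"]  # innermost frame first, as the kernel prints it
    return ("rt_spin_lock", "__bpf_ringbuf_reserve") in zip(f, f[1:])

def triage(text):
    return [(s["comm"], s["pid"], s["site"]) for s in parse_splats(text) if is_ringbuf_splat(s)]

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Feed it the output of dmesg or the kernel journal; each tuple returned names the task, PID and warning site of a splat that matches this CVE's call path, while other "sleep in atomic" reports are left for separate triage.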

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-10-21T19:36:19.956Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9825c4522896dcbe006f

Added to database: 5/21/2025, 9:08:53 AM

Last enriched: 6/28/2025, 5:40:35 PM

Last updated: 8/14/2025, 12:44:23 PM
