CVE-2024-50140: Vulnerability in the Linux kernel
In the Linux kernel, the following vulnerability has been resolved:

sched/core: Disable page allocation in task_tick_mm_cid()

With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat.

    [ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
    [ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe
    [ 63.696416] preempt_count: 10001, expected: 0
    [ 63.696416] RCU nest depth: 1, expected: 1

This problem is caused by the following call trace.

    sched_tick() [ acquire rq->__lock ]
    -> task_tick_mm_cid()
    -> task_work_add()
    -> __kasan_record_aux_stack()
    -> kasan_save_stack()
    -> stack_depot_save_flags()
    -> alloc_pages_mpol_noprof()
    -> __alloc_pages_noprof()
    -> get_page_from_freelist()
    -> rmqueue()
    -> rmqueue_pcplist()
    -> __rmqueue_pcplist()
    -> rmqueue_bulk()
    -> rt_spin_lock()

The rq lock is a raw_spinlock_t. We can't sleep while holding it. IOW, we can't call alloc_pages() in stack_depot_save_flags().

The task_tick_mm_cid() function with its task_work_add() call was introduced by commit 223baf9d17f2 ("sched: Fix performance regression introduced by mm_cid") in v6.4 kernel.

Fortunately, there is a kasan_record_aux_stack_noalloc() variant that calls stack_depot_save_flags() while not allowing it to allocate new pages. To allow task_tick_mm_cid() to use task_work without page allocation, a new TWAF_NO_ALLOC flag is added to enable calling kasan_record_aux_stack_noalloc() instead of kasan_record_aux_stack() if set. The task_tick_mm_cid() function is modified to add this new flag.

The possible downside is the missing stack trace in a KASAN report due to new page allocation required when task_work_add_noalloc() is called, which should be rare.
AI Analysis
Technical Summary
CVE-2024-50140 is a vulnerability in the Linux kernel scheduler's handling of task work in task_tick_mm_cid(). That function was introduced in Linux kernel version 6.4 by a commit that fixed a performance regression related to memory management context IDs (mm_cid). The problem appears only when both the Kernel Address Sanitizer (KASAN) and PREEMPT_RT (the real-time preemption model) are enabled. Under that configuration, calling task_work_add() from task_tick_mm_cid() triggers a kernel BUG, because a function that may sleep is called while the scheduler holds a raw spinlock (rq->__lock). The kernel log shows the path: task_work_add() calls kasan_record_aux_stack(), which saves a stack trace through stack_depot_save_flags(); the stack depot may need a fresh page and calls alloc_pages(), and on PREEMPT_RT the page allocator takes an rt_spin_lock(), which can sleep. Sleeping while holding a raw spinlock violates the kernel's locking rules and produces the crash (splat). The fix adds a TWAF_NO_ALLOC flag for task_work_add(); when set, the kernel calls the kasan_record_aux_stack_noalloc() variant, which records the stack without allocating new pages and so never reaches the sleeping lock. The fix prevents the crash but may leave a stack trace missing from a KASAN report in the cases where a new page would have been needed, which is expected to be rare. No exploits are known in the wild, and the issue is primarily a stability and reliability problem rather than a direct route to privilege escalation or information disclosure.
Potential Impact
For European organizations, the impact of CVE-2024-50140 primarily concerns system stability and reliability, especially for those running Linux kernels with KASAN and PREEMPT_RT enabled. These configurations are common in development, testing, and real-time environments such as telecommunications, industrial control systems, and embedded devices. A kernel crash due to this vulnerability could lead to denial of service (DoS) conditions, affecting availability of critical systems. While it does not directly enable unauthorized access or data leakage, the resulting system instability can disrupt operations, cause downtime, and increase maintenance costs. Organizations relying on real-time Linux kernels for critical infrastructure or industrial automation may experience operational interruptions. Additionally, missing stack traces in KASAN reports could hinder debugging and vulnerability detection efforts, potentially delaying identification of other issues. However, since exploitation requires specific kernel configurations and conditions, the overall risk to general-purpose Linux deployments is limited.
Mitigation Recommendations
European organizations should apply the official Linux kernel patches that introduce the TWAF_NO_ALLOC flag and modify task_tick_mm_cid() to avoid page allocation during task_work_add() calls. For systems using PREEMPT_RT and KASAN, upgrading to kernel versions including this fix is critical. Organizations should audit their kernel configurations to identify if KASAN and PREEMPT_RT are enabled, as this vulnerability only manifests under these conditions. For real-time and embedded Linux deployments, thorough testing of updated kernels is recommended to ensure stability and compatibility. Additionally, monitoring kernel logs for BUG messages related to sleeping functions in invalid contexts can help detect attempts to trigger this issue. Where immediate patching is not feasible, temporarily disabling KASAN or PREEMPT_RT (if operationally acceptable) can mitigate risk. Finally, maintain robust backup and recovery procedures to minimize downtime in case of kernel crashes.
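The two checks recommended above, auditing the kernel configuration for the KASAN plus PREEMPT_RT combination and watching the kernel log for the "sleeping function called from invalid context" splat, as an added example that is not part of the advisory. The dmesg excerpt and config fragment below are constructed to mirror the splat quoted in the description; on a real host they would come from `dmesg` and `/boot/config-$(uname -r)`.

```python
import re

# Constructed dmesg excerpt modelled on the splat quoted in the advisory,
# plus one unrelated line to show that only the splat is picked up.
SAMPLE_DMESG = """\
[   63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
[   63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe
[   63.696416] preempt_count: 10001, expected: 0
[   63.696416] RCU nest depth: 1, expected: 1
[   64.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd
"""

# Constructed kernel config fragment in the format of /boot/config-<release>.
SAMPLE_CONFIG = """\
CONFIG_KASAN=y
CONFIG_PREEMPT_RT=y
# CONFIG_PREEMPT_NONE is not set
"""

SPLAT_RE = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
CTX_RE = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+), non_block: (\d+), "
                    r"pid: (\d+), name: (\S+)")
PREEMPT_RE = re.compile(r"preempt_count: ([0-9a-fA-F]+), expected: (\d+)")


def find_sleep_in_atomic_splats(dmesg: str) -> list[dict]:
    """Return one record per splat, folding in the context lines that follow it."""
    events: list[dict] = []
    for line in dmesg.splitlines():
        m = SPLAT_RE.search(line)
        if m:
            events.append({"location": m.group(1)})
            continue
        if not events:          # context lines before any splat header are noise
            continue
        m = CTX_RE.search(line)
        if m:
            events[-1].update(in_atomic=int(m.group(1)), irqs_disabled=int(m.group(2)),
                              pid=int(m.group(4)), comm=m.group(5))
            continue
        m = PREEMPT_RE.search(line)
        if m:
            events[-1]["preempt_count"] = m.group(1)   # kept as printed by the kernel
    return events


def vulnerable_config(config: str) -> bool:
    """The splat is only reachable when KASAN and PREEMPT_RT are both built in."""
    enabled = {l.split("=", 1)[0] for l in config.splitlines() if l.endswith("=y")}
    return {"CONFIG_KASAN", "CONFIG_PREEMPT_RT"} <= enabled
```

A hit from find_sleep_in_atomic_splats() on a host where vulnerable_config() is true is worth correlating with the kernel version before and after the fix, since the same splat text is emitted by any sleep-in-atomic bug.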
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Norway, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-10-21T19:36:19.956Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9825c4522896dcbe0094
Added to database: 5/21/2025, 9:08:53 AM
Last enriched: 6/28/2025, 5:40:56 PM
Last updated: 8/1/2025, 12:59:04 AM