CVE-2024-53089: Vulnerability in Linux Linux

Medium
Published: Thu Nov 21 2024 (11/21/2024, 18:17:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hard interrupt context") and commit 9090825fa9974 ("KVM: arm/arm64: Let the timer expire in hardirq context on RT"), on PREEMPT_RT enabled kernels unmarked hrtimers are moved into soft interrupt expiry mode by default. Then the timers are canceled from a preempt-notifier which is invoked with disabled preemption, which is not allowed on PREEMPT_RT.

The timer callback is short so it could be invoked in hard-IRQ context. So let the timer expire in hard-IRQ context even on -RT.

This fixes a "scheduling while atomic" bug for PREEMPT_RT enabled kernels:

BUG: scheduling while atomic: qemu-system-loo/1011/0x00000002
Modules linked in: amdgpu rfkill nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ns
CPU: 1 UID: 0 PID: 1011 Comm: qemu-system-loo Tainted: G W 6.12.0-rc2+ #1774
Tainted: [W]=WARN
Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022
Stack : ffffffffffffffff 0000000000000000 9000000004e3ea38 9000000116744000
        90000001167475a0 0000000000000000 90000001167475a8 9000000005644830
        90000000058dc000 90000000058dbff8 9000000116747420 0000000000000001
        0000000000000001 6a613fc938313980 000000000790c000 90000001001c1140
        00000000000003fe 0000000000000001 000000000000000d 0000000000000003
        0000000000000030 00000000000003f3 000000000790c000 9000000116747830
        90000000057ef000 0000000000000000 9000000005644830 0000000000000004
        0000000000000000 90000000057f4b58 0000000000000001 9000000116747868
        900000000451b600 9000000005644830 9000000003a13998 0000000010000020
        00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d
        ...
Call Trace:
[<9000000003a13998>] show_stack+0x38/0x180
[<9000000004e3ea34>] dump_stack_lvl+0x84/0xc0
[<9000000003a71708>] __schedule_bug+0x48/0x60
[<9000000004e45734>] __schedule+0x1114/0x1660
[<9000000004e46040>] schedule_rtlock+0x20/0x60
[<9000000004e4e330>] rtlock_slowlock_locked+0x3f0/0x10a0
[<9000000004e4f038>] rt_spin_lock+0x58/0x80
[<9000000003b02d68>] hrtimer_cancel_wait_running+0x68/0xc0
[<9000000003b02e30>] hrtimer_cancel+0x70/0x80
[<ffff80000235eb70>] kvm_restore_timer+0x50/0x1a0 [kvm]
[<ffff8000023616c8>] kvm_arch_vcpu_load+0x68/0x2a0 [kvm]
[<ffff80000234c2d4>] kvm_sched_in+0x34/0x60 [kvm]
[<9000000003a749a0>] finish_task_switch.isra.0+0x140/0x2e0
[<9000000004e44a70>] __schedule+0x450/0x1660
[<9000000004e45cb0>] schedule+0x30/0x180
[<ffff800002354c70>] kvm_vcpu_block+0x70/0x120 [kvm]
[<ffff800002354d80>] kvm_vcpu_halt+0x60/0x3e0 [kvm]
[<ffff80000235b194>] kvm_handle_gspr+0x3f4/0x4e0 [kvm]
[<ffff80000235f548>] kvm_handle_exit+0x1c8/0x260 [kvm]

AI-Powered Analysis

Last updated: 06/28/2025, 14:42:43 UTC

Technical Analysis

CVE-2024-53089 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture's Kernel-based Virtual Machine (KVM) implementation. The issue arises from improper handling of high-resolution timers (hrtimers) in PREEMPT_RT enabled kernels, which are real-time Linux kernels designed to minimize latency by allowing preemption almost everywhere. Normally, unmarked hrtimers are moved into soft interrupt expiry mode by default; however, in this case, timers are canceled from a preempt-notifier invoked with disabled preemption, which is disallowed in PREEMPT_RT. The timer callback is short and could be invoked in hard interrupt context (hard-IRQ), but the kernel did not originally allow this on PREEMPT_RT kernels. This mismatch leads to a "scheduling while atomic" bug, where the kernel attempts to schedule tasks while in an atomic context, which is forbidden and causes kernel warnings or crashes. The vulnerability manifests as a kernel bug triggered during KVM operations, such as running virtual machines (e.g., qemu-system-loo), leading to system instability or crashes. The root cause is a race condition or improper synchronization in the timer expiration handling within KVM on LoongArch processors with PREEMPT_RT enabled. The fix involves marking the hrtimer to expire in hard interrupt context even on PREEMPT_RT kernels, aligning with similar fixes applied to other architectures (x86 LAPIC and ARM/ARM64). This vulnerability does not have a known exploit in the wild and affects specific kernel versions identified by commit hashes. It is primarily relevant to systems running LoongArch architecture with PREEMPT_RT enabled kernels and KVM virtualization.

Potential Impact

For European organizations, the impact of CVE-2024-53089 depends largely on their use of LoongArch-based hardware and PREEMPT_RT enabled Linux kernels with KVM virtualization. LoongArch processors are less common globally compared to x86 or ARM architectures but may be used in specialized or emerging markets. Organizations employing real-time Linux kernels for critical infrastructure, industrial control systems, or telecommunications that rely on KVM virtualization could experience kernel crashes or system instability, potentially leading to denial of service conditions. This could disrupt virtualized workloads, affecting availability of services or applications. While the vulnerability does not directly lead to privilege escalation or data leakage, the instability caused could impact operational continuity, especially in environments requiring high reliability and uptime. European sectors such as manufacturing, energy, or research institutions using real-time Linux for embedded or virtualized systems might be at risk. However, the limited deployment of LoongArch architecture in Europe reduces the widespread impact. The absence of known exploits in the wild further lowers immediate risk but does not preclude targeted attacks or accidental system failures if unpatched.

Mitigation Recommendations

To mitigate CVE-2024-53089, European organizations should:

1) Identify any systems running LoongArch architecture with PREEMPT_RT enabled Linux kernels and KVM virtualization.
2) Apply the latest Linux kernel patches that include the fix for this vulnerability, ensuring the hrtimer expiration is correctly handled in hard interrupt context.
3) For systems where immediate patching is not feasible, consider disabling PREEMPT_RT or KVM virtualization temporarily if operationally acceptable, to avoid triggering the bug.
4) Monitor kernel logs for "scheduling while atomic" warnings or related kernel stack traces indicative of this issue.
5) Engage with hardware and software vendors to confirm support and patch availability for LoongArch-based systems.
6) Implement robust system monitoring and automated reboot mechanisms to recover from potential kernel panics or crashes.
7) Conduct thorough testing of updated kernels in staging environments before deployment to production to ensure stability.

These steps go beyond generic advice by focusing on architecture-specific identification, patch application, and operational controls tailored to the affected environment.
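The log check from step 4, as an added example (not part of the original advisory or of the kernel sources): it splits a kernel log into "scheduling while atomic" reports and flags those whose call trace runs through hrtimer_cancel, kvm_restore_timer and kvm_sched_in in that order, as in the trace in the Description. The sample log is constructed: the timestamps and the second, unrelated report (example_driver_poll) are invented.

```python
import re

BUG_RE = re.compile(r"BUG: scheduling while atomic: (?P<comm>.+)/(?P<pid>\d+)/0x[0-9a-f]+")
HEADER_RE = re.compile(r"\b(BUG|WARNING):")
FRAME_RE = re.compile(r"\[<[0-9a-f]+>\]\s+(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Innermost-first frames taken from the page's call trace: the vCPU
# preempt notifier (kvm_sched_in) cancelling the KVM timer.
SIGNATURE = ("hrtimer_cancel", "kvm_restore_timer", "kvm_sched_in")

# Constructed sample: frames copied from the trace in the Description,
# timestamps added; the second report is an invented, unrelated driver path.
SAMPLE_LOG = """\
[ 812.101] BUG: scheduling while atomic: qemu-system-loo/1011/0x00000002
[ 812.102] Call Trace:
[ 812.103] [<9000000003a71708>] __schedule_bug+0x48/0x60
[ 812.104] [<9000000004e4f038>] rt_spin_lock+0x58/0x80
[ 812.105] [<9000000003b02d68>] hrtimer_cancel_wait_running+0x68/0xc0
[ 812.106] [<9000000003b02e30>] hrtimer_cancel+0x70/0x80
[ 812.107] [<ffff80000235eb70>] kvm_restore_timer+0x50/0x1a0 [kvm]
[ 812.108] [<ffff8000023616c8>] kvm_arch_vcpu_load+0x68/0x2a0 [kvm]
[ 812.109] [<ffff80000234c2d4>] kvm_sched_in+0x34/0x60 [kvm]
[ 990.001] BUG: scheduling while atomic: kworker/3:1/207/0x00000002
[ 990.002] Call Trace:
[ 990.003] [<9000000003a71708>] __schedule_bug+0x48/0x60
[ 990.004] [<ffff800002400010>] example_driver_poll+0x10/0x40 [example]
"""

def find_reports(log_text):
    """Split a kernel log into 'scheduling while atomic' reports with frames."""
    reports, current = [], None
    for line in log_text.splitlines():
        bug = BUG_RE.search(line)
        if bug:
            current = {"comm": bug["comm"], "pid": int(bug["pid"]), "frames": []}
            reports.append(current)
        elif HEADER_RE.search(line):
            current = None  # a different kind of report starts here
        if current is not None:
            current["frames"] += [f["sym"] for f in FRAME_RE.finditer(line)]
    return reports

def matches_cve_2024_53089(report):
    """True if the signature frames appear in call-trace order."""
    frames = iter(report["frames"])
    return all(sym in frames for sym in SIGNATURE)  # 'in' consumes the iterator

if __name__ == "__main__":
    for r in find_reports(SAMPLE_LOG):
        verdict = "CVE-2024-53089 pattern" if matches_cve_2024_53089(r) else "other"
        print(r["comm"], r["pid"], verdict)
```

Feed it the output of `dmesg` or `journalctl -k` from hosts identified in step 1; a match means the unpatched timer path was hit, not merely that some atomic-context bug occurred.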

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2024-11-19T17:17:24.981Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d9824c4522896dcbdf965

Added to database: 5/21/2025, 9:08:52 AM

Last enriched: 6/28/2025, 2:42:43 PM

Last updated: 8/18/2025, 11:32:01 PM
