CVE-2024-56547: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60 test_boost=2, will trigger the following warning: WARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0 RIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0 Call Trace: <TASK> ? __warn+0x7e/0x120 ? rcu_nocb_rdp_deoffload+0x292/0x2a0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? rcu_nocb_rdp_deoffload+0x292/0x2a0 rcu_nocb_cpu_deoffload+0x70/0xa0 rcu_nocb_toggle+0x136/0x1c0 ? __pfx_rcu_nocb_toggle+0x10/0x10 kthread+0xd1/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CPU0 CPU2 CPU3 //rcu_nocb_toggle //nocb_cb_wait //rcutorture // deoffload CPU1 // process CPU1's rdp rcu_barrier() rcu_segcblist_entrain() rcu_segcblist_add_len(1); // len == 2 // enqueue barrier // callback to CPU1's // rdp->cblist rcu_do_batch() // invoke CPU1's rdp->cblist // callback rcu_barrier_callback() rcu_barrier() mutex_lock(&rcu_state.barrier_mutex); // still see len == 2 // enqueue barrier callback // to CPU1's rdp->cblist rcu_segcblist_entrain() rcu_segcblist_add_len(1); // len == 3 // decrement len rcu_segcblist_add_len(-2); kthread_parkme() // CPU1's rdp->cblist len == 1 // Warn because there is // still a pending barrier // trigger warning WARN_ON_ONCE(rcu_segcblist_n_cbs(&rdp->cblist)); cpus_read_unlock(); // wait CPU1 to comes online and // invoke barrier callback on // CPU1 rdp's->cblist wait_for_completion(&rcu_state.barrier_completion); // deoffload CPU4 cpus_read_lock() rcu_barrier() mutex_lock(&rcu_state.barrier_mutex); // block on barrier_mutex // wait rcu_barrier() on // CPU3 to unlock barrier_mutex // but CPU3 unlock barrier_mutex // need to wait CPU1 comes online // when CPU1 going online will block on cpus_write_lock The above scenario will not only trigger a WARN_ON_ONCE(), but also trigger a deadlock. Thanks to nocb locking, a second racing rcu_barrier() on an offline CPU will either observe the decremented callback counter down to 0 and spare the callback enqueue, or rcuo will observe the new callback and keep rdp->nocb_cb_sleep to false. Therefore check rdp->nocb_cb_sleep before parking to make sure no further rcu_barrier() is waiting on the rdp.
AI Analysis
Technical Summary
CVE-2024-56547 is a vulnerability in the Linux kernel's Read-Copy-Update (RCU) subsystem, specifically related to the No-CBs (nocb) offloading feature. The issue arises from a missed RCU barrier on deoffloading CPUs, which can lead to a WARN_ON_ONCE() kernel warning and potentially a deadlock scenario. The vulnerability manifests during the execution of rcutorture tests with specific parameters that stress the RCU forward progress and callback handling mechanisms. The root cause involves improper synchronization and callback management when CPUs are deoffloaded (taken offline) and callbacks are enqueued or processed. The kernel's rcu_barrier() function, which is designed to ensure all callbacks have been processed before proceeding, can block indefinitely due to a race condition involving callback counters and mutex locks. This results in a deadlock where the system waits for callbacks on an offline CPU that never completes processing, causing kernel stalls or hangs. The fix involves checking the rdp->nocb_cb_sleep flag before parking the kernel thread to ensure no further rcu_barrier() calls are waiting on the read-copy-update deferred processing (rdp) structure, preventing the deadlock. This vulnerability affects Linux kernel versions identified by the commit hash 1fcb932c8b5ce86219d7dedcd63659351a43291c and likely related versions implementing the nocb RCU offloading feature. While no known exploits are reported in the wild, the issue can cause system instability and denial of service due to kernel deadlocks under specific workloads involving CPU offloading and RCU callback processing.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with the nocb RCU offloading feature enabled. The impact includes potential system hangs or kernel panics due to deadlocks in the RCU subsystem, which is critical for kernel synchronization and performance. Such instability can lead to denial of service conditions, affecting servers, cloud infrastructure, and embedded systems relying on Linux. Organizations operating high-availability services, data centers, or critical infrastructure that depend on Linux kernel stability may experience outages or degraded performance. The vulnerability does not directly expose confidentiality or integrity breaches but impacts availability, which can disrupt business operations, especially in sectors like finance, telecommunications, manufacturing, and public services. Given the widespread use of Linux in European IT environments, particularly in enterprise servers and cloud platforms, the risk of operational disruption is significant if unpatched kernels are deployed. However, exploitation requires specific conditions involving CPU offloading and RCU torture tests, suggesting that typical workloads may be less affected, but specialized or high-load environments could trigger the issue.
Mitigation Recommendations
To mitigate CVE-2024-56547, European organizations should: 1) Apply the official Linux kernel patches that address the missed RCU barrier on deoffloading CPUs as soon as they are available from trusted sources or Linux distribution vendors. 2) Avoid running untrusted or experimental workloads that heavily stress the RCU subsystem or involve CPU offloading until patches are applied. 3) Monitor kernel logs for WARN_ON_ONCE() messages related to rcu_nocb_rdp_deoffload or deadlock symptoms to detect potential triggering of this vulnerability. 4) In environments where kernel upgrades are challenging, consider disabling the nocb RCU offloading feature if feasible, as a temporary workaround to prevent deadlocks. 5) Implement robust system monitoring and automated recovery mechanisms to detect and remediate kernel hangs or stalls promptly. 6) Coordinate with Linux distribution maintainers to ensure timely updates and backports for affected kernel versions in enterprise distributions commonly used in Europe. 7) Conduct thorough testing of kernel updates in staging environments that replicate production workloads involving CPU offloading to validate stability before deployment.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
CVE-2024-56547: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60 test_boost=2, will trigger the following warning: WARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0 RIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0 Call Trace: <TASK> ? __warn+0x7e/0x120 ? rcu_nocb_rdp_deoffload+0x292/0x2a0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? rcu_nocb_rdp_deoffload+0x292/0x2a0 rcu_nocb_cpu_deoffload+0x70/0xa0 rcu_nocb_toggle+0x136/0x1c0 ? __pfx_rcu_nocb_toggle+0x10/0x10 kthread+0xd1/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CPU0 CPU2 CPU3 //rcu_nocb_toggle //nocb_cb_wait //rcutorture // deoffload CPU1 // process CPU1's rdp rcu_barrier() rcu_segcblist_entrain() rcu_segcblist_add_len(1); // len == 2 // enqueue barrier // callback to CPU1's // rdp->cblist rcu_do_batch() // invoke CPU1's rdp->cblist // callback rcu_barrier_callback() rcu_barrier() mutex_lock(&rcu_state.barrier_mutex); // still see len == 2 // enqueue barrier callback // to CPU1's rdp->cblist rcu_segcblist_entrain() rcu_segcblist_add_len(1); // len == 3 // decrement len rcu_segcblist_add_len(-2); kthread_parkme() // CPU1's rdp->cblist len == 1 // Warn because there is // still a pending barrier // trigger warning WARN_ON_ONCE(rcu_segcblist_n_cbs(&rdp->cblist)); cpus_read_unlock(); // wait CPU1 to comes online and // invoke barrier callback on // CPU1 rdp's->cblist wait_for_completion(&rcu_state.barrier_completion); // deoffload CPU4 cpus_read_lock() rcu_barrier() mutex_lock(&rcu_state.barrier_mutex); // block on barrier_mutex // wait rcu_barrier() on // CPU3 to unlock barrier_mutex // but CPU3 unlock barrier_mutex // need to wait CPU1 comes online // when CPU1 going online will block on cpus_write_lock The above scenario will not only trigger a WARN_ON_ONCE(), but also trigger a deadlock. Thanks to nocb locking, a second racing rcu_barrier() on an offline CPU will either observe the decremented callback counter down to 0 and spare the callback enqueue, or rcuo will observe the new callback and keep rdp->nocb_cb_sleep to false. Therefore check rdp->nocb_cb_sleep before parking to make sure no further rcu_barrier() is waiting on the rdp.
AI-Powered Analysis
Technical Analysis
CVE-2024-56547 is a vulnerability in the Linux kernel's Read-Copy-Update (RCU) subsystem, specifically related to the No-CBs (nocb) offloading feature. The issue arises from a missed RCU barrier on deoffloading CPUs, which can lead to a WARN_ON_ONCE() kernel warning and potentially a deadlock scenario. The vulnerability manifests during the execution of rcutorture tests with specific parameters that stress the RCU forward progress and callback handling mechanisms. The root cause involves improper synchronization and callback management when CPUs are deoffloaded (taken offline) and callbacks are enqueued or processed. The kernel's rcu_barrier() function, which is designed to ensure all callbacks have been processed before proceeding, can block indefinitely due to a race condition involving callback counters and mutex locks. This results in a deadlock where the system waits for callbacks on an offline CPU that never completes processing, causing kernel stalls or hangs. The fix involves checking the rdp->nocb_cb_sleep flag before parking the kernel thread to ensure no further rcu_barrier() calls are waiting on the read-copy-update deferred processing (rdp) structure, preventing the deadlock. This vulnerability affects Linux kernel versions identified by the commit hash 1fcb932c8b5ce86219d7dedcd63659351a43291c and likely related versions implementing the nocb RCU offloading feature. While no known exploits are reported in the wild, the issue can cause system instability and denial of service due to kernel deadlocks under specific workloads involving CPU offloading and RCU callback processing.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with the nocb RCU offloading feature enabled. The impact includes potential system hangs or kernel panics due to deadlocks in the RCU subsystem, which is critical for kernel synchronization and performance. Such instability can lead to denial of service conditions, affecting servers, cloud infrastructure, and embedded systems relying on Linux. Organizations operating high-availability services, data centers, or critical infrastructure that depend on Linux kernel stability may experience outages or degraded performance. The vulnerability does not directly expose confidentiality or integrity breaches but impacts availability, which can disrupt business operations, especially in sectors like finance, telecommunications, manufacturing, and public services. Given the widespread use of Linux in European IT environments, particularly in enterprise servers and cloud platforms, the risk of operational disruption is significant if unpatched kernels are deployed. However, exploitation requires specific conditions involving CPU offloading and RCU torture tests, suggesting that typical workloads may be less affected, but specialized or high-load environments could trigger the issue.
Mitigation Recommendations
To mitigate CVE-2024-56547, European organizations should: 1) Apply the official Linux kernel patches that address the missed RCU barrier on deoffloading CPUs as soon as they are available from trusted sources or Linux distribution vendors. 2) Avoid running untrusted or experimental workloads that heavily stress the RCU subsystem or involve CPU offloading until patches are applied. 3) Monitor kernel logs for WARN_ON_ONCE() messages related to rcu_nocb_rdp_deoffload or deadlock symptoms to detect potential triggering of this vulnerability. 4) In environments where kernel upgrades are challenging, consider disabling the nocb RCU offloading feature if feasible, as a temporary workaround to prevent deadlocks. 5) Implement robust system monitoring and automated recovery mechanisms to detect and remediate kernel hangs or stalls promptly. 6) Coordinate with Linux distribution maintainers to ensure timely updates and backports for affected kernel versions in enterprise distributions commonly used in Europe. 7) Conduct thorough testing of kernel updates in staging environments that replicate production workloads involving CPU offloading to validate stability before deployment.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-27T14:03:05.989Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdf1df
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 11:40:50 AM
Last updated: 7/26/2025, 5:16:59 AM
Views: 11
Related Threats
CVE-2025-8834: Cross Site Scripting in JCG Link-net LW-N915R
MediumCVE-2025-55159: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in tokio-rs slab
MediumCVE-2025-55161: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighCVE-2025-25235: CWE-918 Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway
HighCVE-2025-55151: CWE-918: Server-Side Request Forgery (SSRF) in Stirling-Tools Stirling-PDF
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.