CVE-2024-56585: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error: [ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 [ 0.372268] preempt_count: 1, expected: 0 [ 0.372270] RCU nest depth: 1, expected: 1 [ 0.372272] 3 locks held by swapper/1/0: [ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60 [ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140 [ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0 [ 0.372314] irq event stamp: 0 [ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891 [ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 [ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000 [ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788 [ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001 [ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0 [ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003 [ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003 [ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004 [ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000 [ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000 [ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000 [ 0.372537] ... [ 0.372540] Call Trace: [ 0.372542] [<9000000005924778>] show_stack+0x38/0x180 [ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260 [ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140 [ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0 [ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60 [ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820 [ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298 [ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140 [ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60 [ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0 [ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c This is because in PREEMPT_RT kernels normal spinlocks are replaced by rt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling NUMA optimization completely for PREEMPT_RT kernels.
AI Analysis
Technical Summary
CVE-2024-56585 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture when running PREEMPT_RT (Real-Time) kernels. The issue arises from improper handling of memory allocation flags in the kernel's setup_tlb_handler() function. Originally, the allocation used GFP_KERNEL flags, which was changed to GFP_ATOMIC to avoid sleeping in atomic context. However, in PREEMPT_RT kernels, which replace normal spinlocks with real-time (rt) spinlocks, the rt_spin_lock() function can cause sleeping, leading to a "sleeping in atomic context" error. This error manifests as kernel BUG messages indicating that a sleeping function was called from an invalid atomic context, which is critical in real-time systems where sleeping is disallowed in atomic contexts. The root cause is that the NUMA (Non-Uniform Memory Access) optimization is not properly disabled for PREEMPT_RT kernels, allowing the problematic sleeping behavior to persist. The fix involves disabling NUMA optimization entirely for PREEMPT_RT kernels to prevent sleeping in atomic contexts. This vulnerability can cause kernel panics or system instability during memory allocation in real-time environments on LoongArch processors, impacting system reliability and availability. No known exploits are reported in the wild at this time, and the vulnerability is specific to a niche architecture and kernel configuration.
Potential Impact
For European organizations using Linux systems with the LoongArch architecture and PREEMPT_RT kernels—typically in specialized real-time or embedded environments—this vulnerability can lead to kernel panics and system crashes. Such instability can disrupt critical real-time applications, including industrial control systems, telecommunications infrastructure, and embedded devices used in sectors like manufacturing, automotive, and aerospace. The impact on confidentiality and integrity is minimal since this is primarily a stability and availability issue. However, availability disruptions in real-time systems can have significant operational consequences, potentially causing downtime or failure of time-sensitive processes. Given the niche nature of LoongArch processors and PREEMPT_RT kernel usage, the overall impact on mainstream European IT infrastructure is limited, but organizations relying on these specific configurations for critical real-time workloads could face serious reliability issues if unpatched.
Mitigation Recommendations
To mitigate this vulnerability, organizations should: 1) Apply the official Linux kernel patches that disable NUMA optimization for PREEMPT_RT kernels on LoongArch architecture as soon as they become available. 2) For systems where patching is delayed, consider temporarily disabling PREEMPT_RT features if real-time capabilities are not critical, to avoid the sleeping in atomic context issue. 3) Conduct thorough testing of kernel updates in controlled environments to ensure stability before deployment in production real-time systems. 4) Monitor kernel logs for BUG messages related to sleeping in atomic context to detect potential exploitation or manifestation of this issue. 5) Engage with hardware and software vendors to confirm support and patch availability for LoongArch-based systems. 6) For new deployments, evaluate the necessity of using LoongArch with PREEMPT_RT kernels and consider alternative architectures or kernel configurations if real-time stability is paramount and patching is not feasible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy
CVE-2024-56585: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error: [ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 [ 0.372268] preempt_count: 1, expected: 0 [ 0.372270] RCU nest depth: 1, expected: 1 [ 0.372272] 3 locks held by swapper/1/0: [ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60 [ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140 [ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0 [ 0.372314] irq event stamp: 0 [ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891 [ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 [ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000 [ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788 [ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001 [ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0 [ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003 [ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003 [ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004 [ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000 [ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000 [ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000 [ 0.372537] ... [ 0.372540] Call Trace: [ 0.372542] [<9000000005924778>] show_stack+0x38/0x180 [ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260 [ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140 [ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0 [ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60 [ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820 [ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298 [ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140 [ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60 [ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0 [ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c This is because in PREEMPT_RT kernels normal spinlocks are replaced by rt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling NUMA optimization completely for PREEMPT_RT kernels.
AI-Powered Analysis
Technical Analysis
CVE-2024-56585 is a vulnerability identified in the Linux kernel specifically affecting the LoongArch architecture when running PREEMPT_RT (Real-Time) kernels. The issue arises from improper handling of memory allocation flags in the kernel's setup_tlb_handler() function. Originally, the allocation used GFP_KERNEL flags, which was changed to GFP_ATOMIC to avoid sleeping in atomic context. However, in PREEMPT_RT kernels, which replace normal spinlocks with real-time (rt) spinlocks, the rt_spin_lock() function can cause sleeping, leading to a "sleeping in atomic context" error. This error manifests as kernel BUG messages indicating that a sleeping function was called from an invalid atomic context, which is critical in real-time systems where sleeping is disallowed in atomic contexts. The root cause is that the NUMA (Non-Uniform Memory Access) optimization is not properly disabled for PREEMPT_RT kernels, allowing the problematic sleeping behavior to persist. The fix involves disabling NUMA optimization entirely for PREEMPT_RT kernels to prevent sleeping in atomic contexts. This vulnerability can cause kernel panics or system instability during memory allocation in real-time environments on LoongArch processors, impacting system reliability and availability. No known exploits are reported in the wild at this time, and the vulnerability is specific to a niche architecture and kernel configuration.
Potential Impact
For European organizations using Linux systems with the LoongArch architecture and PREEMPT_RT kernels—typically in specialized real-time or embedded environments—this vulnerability can lead to kernel panics and system crashes. Such instability can disrupt critical real-time applications, including industrial control systems, telecommunications infrastructure, and embedded devices used in sectors like manufacturing, automotive, and aerospace. The impact on confidentiality and integrity is minimal since this is primarily a stability and availability issue. However, availability disruptions in real-time systems can have significant operational consequences, potentially causing downtime or failure of time-sensitive processes. Given the niche nature of LoongArch processors and PREEMPT_RT kernel usage, the overall impact on mainstream European IT infrastructure is limited, but organizations relying on these specific configurations for critical real-time workloads could face serious reliability issues if unpatched.
Mitigation Recommendations
To mitigate this vulnerability, organizations should: 1) Apply the official Linux kernel patches that disable NUMA optimization for PREEMPT_RT kernels on LoongArch architecture as soon as they become available. 2) For systems where patching is delayed, consider temporarily disabling PREEMPT_RT features if real-time capabilities are not critical, to avoid the sleeping in atomic context issue. 3) Conduct thorough testing of kernel updates in controlled environments to ensure stability before deployment in production real-time systems. 4) Monitor kernel logs for BUG messages related to sleeping in atomic context to detect potential exploitation or manifestation of this issue. 5) Engage with hardware and software vendors to confirm support and patch availability for LoongArch-based systems. 6) For new deployments, evaluate the necessity of using LoongArch with PREEMPT_RT kernels and consider alternative architectures or kernel configurations if real-time stability is paramount and patching is not feasible.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-12-27T14:03:06.001Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdf306
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 12:10:26 PM
Last updated: 8/6/2025, 11:14:51 PM
Views: 23
Related Threats
CVE-2025-8885: CWE-770 Allocation of Resources Without Limits or Throttling in Legion of the Bouncy Castle Inc. Bouncy Castle for Java
MediumCVE-2025-26398: CWE-798 Use of Hard-coded Credentials in SolarWinds Database Performance Analyzer
MediumCVE-2025-41686: CWE-306 Missing Authentication for Critical Function in Phoenix Contact DaUM
HighCVE-2025-8874: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in litonice13 Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations
MediumCVE-2025-8767: CWE-1236 Improper Neutralization of Formula Elements in a CSV File in anwppro AnWP Football Leagues
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.