CVE-2024-56589: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

scsi: hisi_sas: Add cond_resched() for no forced preemption model

For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur:

    [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]
    [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
    [ 214.575224][ C240] pc : fput_many+0x8c/0xdc
    [ 214.579480][ C240] lr : fput+0x1c/0xf0
    [ 214.583302][ C240] sp : ffff80002de2b900
    [ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000
    [ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000
    [ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000
    [ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001
    [ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000
    [ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000
    [ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0
    [ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff
    [ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c
    [ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0
    [ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001
    [ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080
    [ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554
    [ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020
    [ 214.671198][ C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8
    [ 214.677191][ C240] Call trace:
    [ 214.680320][ C240] fput_many+0x8c/0xdc
    [ 214.684230][ C240] fput+0x1c/0xf0
    [ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc
    [ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140
    [ 214.696917][ C240] bio_endio+0x160/0x1bc
    [ 214.701001][ C240] blk_update_request+0x1c8/0x3bc
    [ 214.705867][ C240] scsi_end_request+0x3c/0x1f0
    [ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0
    [ 214.715249][ C240] scsi_finish_command+0x104/0x140
    [ 214.720200][ C240] scsi_softirq_done+0x90/0x180
    [ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70
    [ 214.730016][ C240] scsi_mq_done+0x48/0xac
    [ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas]
    [ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]
    [ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]
    [ 214.752179][ C240] irq_thread_fn+0x34/0xa4
    [ 214.756435][ C240] irq_thread+0xc4/0x130
    [ 214.760520][ C240] kthread+0x108/0x13c
    [ 214.764430][ C240] ret_from_fork+0x10/0x18

This is because in the hisi_sas driver, both the hardware interrupt handler and the interrupt thread are executed on the same CPU. In the performance test scenario, function irq_wait_for_interrupt() will always return 0 if lots of interrupts occur and the CPU will be continuously consumed. As a result, the CPU cannot run the watchdog thread. When the watchdog time exceeds the specified time, call trace occurs.

To fix it, add cond_resched() to execute the watchdog thread.
AI Analysis
Technical Summary
CVE-2024-56589 is a vulnerability in the Linux kernel's hisi_sas driver, which manages SAS (Serial Attached SCSI) storage devices on HiSilicon hardware platforms. The issue arises in kernels configured with the no forced preemption model when an expander is connected to multiple high-performance SAS SSDs (12 in the described scenario). In this driver, the hardware interrupt handler and the interrupt thread execute on the same CPU. Under frequent interrupts, irq_wait_for_interrupt() always returns 0, so the interrupt thread keeps running and the CPU is continuously consumed. This prevents the watchdog thread from running on that CPU, leading to a soft lockup in which the CPU is reported stuck for an extended period (22 seconds in the call trace above). The lockup is reported by the watchdog as a kernel bug and results in system instability and potential denial of service. The root cause is the lack of a conditional reschedule (cond_resched()) call in the interrupt handling path, which would allow the scheduler to run other tasks, including the watchdog. The fix adds cond_resched() to the hisi_sas driver so that the CPU can yield to the watchdog thread and lockups are prevented. This vulnerability is not related to memory corruption or privilege escalation; it is a CPU scheduling and interrupt handling problem under heavy SAS SSD load on specific hardware and kernel configurations.
Potential Impact
For European organizations, particularly those using Linux servers with HiSilicon SAS controllers managing multiple high-performance SAS SSDs, this vulnerability can cause system instability and downtime due to CPU soft lockups. Such lockups can disrupt critical storage operations, impacting data availability and potentially causing denial of service in storage-heavy environments like data centers, cloud providers, and enterprises relying on high-speed SAS storage arrays. The impact is primarily on availability rather than confidentiality or integrity. Organizations running Linux kernels with no forced preemption models on affected hardware may experience degraded performance or system crashes under heavy I/O loads. This can affect business continuity, especially in sectors with stringent uptime requirements such as finance, telecommunications, and manufacturing. Since the vulnerability does not require user interaction or authentication, any workload triggering heavy SAS SSD I/O on vulnerable systems is at risk. However, the exploitability is limited to specific hardware and kernel configurations, reducing the overall attack surface.
Mitigation Recommendations
European organizations should first identify whether their Linux systems use the hisi_sas driver on a kernel built with the no forced preemption model and are connected to multiple high-performance SAS SSDs, particularly on HiSilicon hardware platforms. Applying the official Linux kernel patches that add cond_resched() in the hisi_sas driver is the primary mitigation step. If patches are not immediately available, organizations can consider temporarily switching to a forced preemption kernel model, if feasible, to avoid the CPU starvation scenario. Monitoring system logs for soft lockup warnings and CPU stalls attributed to the hisi_sas interrupt thread (irq/149-hisi_sa in the trace above; the IRQ number differs between systems) can help detect attempts to trigger this issue. Additionally, workload balancing to reduce simultaneous SAS SSD I/O on affected systems can mitigate the risk. For critical environments, testing kernel updates in staging before production deployment is recommended to ensure stability. Vendors and Linux distributions should be engaged to provide timely patched kernel releases. Finally, organizations should maintain robust backup and disaster recovery plans to mitigate potential availability impacts from system instability.
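One way to implement the log monitoring recommended above, as an added example that is not part of the original page or the kernel project: a Python parser that groups each soft-lockup report with its call trace and keeps the reports that point at the hisi_sas driver. The sample log is constructed in the format of the trace quoted on this page, and the function names are illustrative assumptions.

```python
import re

# Constructed sample in the format of the trace quoted on this page; the second
# report (kworker, some_other_fn) is invented to show a non-matching lockup.
SAMPLE_DMESG = """\
[  214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211]
[  214.575224][ C240] pc : fput_many+0x8c/0xdc
[  214.677191][ C240] Call trace:
[  214.680320][ C240]  fput_many+0x8c/0xdc
[  214.739758][ C240]  slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw]
[  214.746185][ C240]  cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw]
[  301.000001][   C3] watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [kworker/3:1:77]
[  301.000100][   C3] Call trace:
[  301.000200][   C3]  some_other_fn+0x10/0x40
"""

PREFIX = re.compile(r"^\[\s*\d+\.\d+\](?:\[\s*[CT]\d+\])?\s*")  # timestamp, optional caller id
LOCKUP = re.compile(r"BUG: soft lockup - CPU#(\d+) stuck for (\d+)s! \[(.+):(\d+)\]")
FRAME = re.compile(r"^([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?$")
HISI_THREAD = re.compile(r"^irq/\d+-hisi_sa")  # IRQ number varies per system

def parse_soft_lockups(log_text):
    """Return one dict per soft-lockup report, with its call-trace frames."""
    reports, current, in_trace = [], None, False
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        hit = LOCKUP.search(line)
        if hit:
            current = {"cpu": int(hit[1]), "seconds": int(hit[2]),
                       "comm": hit[3], "pid": int(hit[4]), "frames": []}
            reports.append(current)
            in_trace = False
        elif current is not None and line == "Call trace:":
            in_trace = True
        elif in_trace:
            frame = FRAME.match(line)
            in_trace = frame is not None  # first non-frame line ends the trace
            if frame:
                current["frames"].append((frame[1], frame[2]))
    return reports

def hisi_sas_lockups(log_text):
    """Keep reports whose stuck task or trace points at the hisi_sas driver."""
    return [r for r in parse_soft_lockups(log_text)
            if HISI_THREAD.match(r["comm"])
            or any(mod and mod.startswith("hisi_sas") for _, mod in r["frames"])]

if __name__ == "__main__":
    for r in hisi_sas_lockups(SAMPLE_DMESG):
        print(f"CPU#{r['cpu']} stuck {r['seconds']}s in {r['comm']} ({len(r['frames'])} frames)")
```

Matching on the module tag as well as the thread name catches reports where the stuck task is not the IRQ thread itself but the trace still runs through hisi_sas_v3_hw.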
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T14:03:06.002Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdf32e
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 12:11:30 PM
Last updated: 8/14/2025, 9:56:13 AM