CVE-2024-56610: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

kcsan: Turn report_filterlist_lock into a raw_spinlock

Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like:

| BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
| preempt_count: 10002, expected: 0
| RCU nest depth: 0, expected: 0
| no locks held by swapper/1/0.
| irq event stamp: 156674
| hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240
| hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0
| softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60
| softirqs last disabled at (0): [<0000000000000000>] 0x0
| Preemption disabled at:
| [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90
| CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3
| Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
| Call Trace:
| <IRQ>
| dump_stack_lvl+0x7e/0xc0
| dump_stack+0x1d/0x30
| __might_resched+0x1a2/0x270
| rt_spin_lock+0x68/0x170
| kcsan_skip_report_debugfs+0x43/0xe0
| print_report+0xb5/0x590
| kcsan_report_known_origin+0x1b1/0x1d0
| kcsan_setup_watchpoint+0x348/0x650
| __tsan_unaligned_write1+0x16d/0x1d0
| hrtimer_interrupt+0x3d6/0x430
| __sysvec_apic_timer_interrupt+0xe8/0x3a0
| sysvec_apic_timer_interrupt+0x97/0xc0
| </IRQ>

On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the report_filterlist_lock *non-raw* spinlock which may sleep on RT kernels. Since KCSAN may report data races in any context, convert it to a raw_spinlock.

This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused.
AI Analysis
Technical Summary
CVE-2024-56610 addresses a concurrency vulnerability in the Linux kernel related to the Kernel Concurrency Sanitizer (KCSAN) when used with PREEMPT_RT (Real-Time) enabled kernels. KCSAN is a dynamic data race detector designed to identify race conditions in kernel code.

The vulnerability arises because KCSAN's reporting logic uses a non-raw spinlock (report_filterlist_lock) to protect access to a filter list that determines whether certain race reports should be filtered out. In PREEMPT_RT kernels, non-raw spinlocks can sleep, which is unsafe in contexts where sleeping is forbidden, such as interrupt contexts or other atomic contexts. This can lead to kernel BUGs or system instability, as evidenced by the reported BUG messages indicating a sleeping function called from an invalid context. The root cause is that KCSAN may report data races from any context, including those where sleeping is disallowed, but the locking mechanism used to protect the filter list is not appropriate for such contexts.

The fix converts report_filterlist_lock from a non-raw spinlock to a raw_spinlock, which does not sleep and is safe to use in atomic contexts. Because memory for the filter list must then not be allocated inside the critical section, the fix pre-allocates memory optimistically before entering the critical section and discards it if unused.

This vulnerability is specific to kernels compiled with KCSAN and PREEMPT_RT enabled, which are typically used in real-time or embedded Linux environments. It does not affect standard Linux kernel deployments without these configurations. No known exploits are reported in the wild, and the issue primarily concerns kernel stability and correctness rather than direct security breaches like privilege escalation or information disclosure.
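The pre-allocate-then-lock strategy described above, as a userspace C analogue (an added example, not the kernel patch). A C11 atomic_flag busy-wait lock stands in for the raw spinlock and malloc/free for the kernel allocator; `fl`, `fl_acquire`, `fl_release`, `try_insert` and `filterlist_insert` are hypothetical names.

```c
/* Added userspace analogue, not kernel code; all names are hypothetical. */
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>
static struct { unsigned long *addrs; size_t used, size; } fl;
static atomic_flag fl_lock = ATOMIC_FLAG_INIT; /* busy-waits, never sleeps */
static void fl_acquire(void) { while (atomic_flag_test_and_set(&fl_lock)) { } }
static void fl_release(void) { atomic_flag_clear(&fl_lock); }

/* Critical section: no malloc/free inside. Returns 1 if addr was stored, 0 if
 * the spare was too small. *garbage must be freed by the caller after unlock. */
static int try_insert(unsigned long addr, unsigned long *spare,
                      size_t spare_size, unsigned long **garbage)
{
    int stored = 0;
    *garbage = spare;                /* default: spare unused, discard it */
    fl_acquire();
    if (fl.used == fl.size && fl.used < spare_size) { /* full, spare fits */
        if (fl.used)
            memcpy(spare, fl.addrs, fl.used * sizeof(*spare));
        *garbage = fl.addrs;         /* old array is freed outside the lock */
        fl.addrs = spare;
        fl.size = spare_size;
    }
    if (fl.used < fl.size) {
        fl.addrs[fl.used++] = addr;
        stored = 1;
    }
    fl_release();
    return stored;
}

/* Append addr; returns 0 on success, -1 on allocation failure. */
int filterlist_insert(unsigned long addr)
{
    for (;;) {
        fl_acquire();                /* snapshot only: does the list look full? */
        size_t want = (fl.used == fl.size) ? (fl.size ? fl.size * 2 : 4) : 0;
        fl_release();
        unsigned long *spare = NULL, *garbage;
        if (want && !(spare = malloc(want * sizeof(*spare))))
            return -1;               /* failed before locking: nothing to undo */
        int stored = try_insert(addr, spare, want, &garbage);
        free(garbage);               /* free(NULL) is a no-op */
        if (stored)
            return 0;                /* else the list changed meanwhile: retry */
    }
}
int main(void) { return filterlist_insert(0x1000UL) ? 1 : 0; }
```

The state is re-validated under the lock, so a stale snapshot costs only a discarded buffer or one retry and never an allocation inside the critical section.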
Potential Impact
For European organizations, the impact of CVE-2024-56610 is primarily on systems running real-time Linux kernels with KCSAN enabled, which are commonly found in specialized industrial control systems, telecommunications infrastructure, automotive systems, and embedded devices used in critical sectors such as manufacturing, energy, and transportation. Instability or kernel panics caused by this vulnerability could lead to system downtime, affecting availability of critical services. Although this vulnerability does not directly lead to data breaches or privilege escalation, the resulting system crashes could disrupt operations, cause loss of real-time data processing, and increase maintenance costs. Organizations relying on real-time Linux for safety-critical or time-sensitive applications may face increased risk of operational interruptions. The vulnerability is less likely to affect general-purpose IT infrastructure but is significant for sectors where real-time kernel patches are standard. Given the increasing adoption of Linux-based real-time systems in European industrial and automotive sectors, the potential impact includes degraded reliability and increased risk of service outages, which could have cascading effects on supply chains and critical infrastructure.
Mitigation Recommendations
1. Apply the official Linux kernel patches that convert the report_filterlist_lock to a raw_spinlock as soon as they become available from trusted Linux kernel sources or distributions.
2. For organizations using PREEMPT_RT kernels with KCSAN enabled, ensure that kernel builds incorporate this fix and validate stability through rigorous testing in staging environments before deployment.
3. Limit the use of KCSAN in production environments to debugging and development phases, as it is primarily a diagnostic tool and may introduce overhead or instability.
4. Implement strict kernel configuration management to avoid enabling KCSAN in production unless necessary.
5. Monitor kernel logs for BUG messages related to spinlock misuse or invalid context sleeping to detect potential issues early.
6. Coordinate with hardware and embedded system vendors to obtain updated firmware or kernel versions that include this fix, especially for industrial and automotive devices.
7. Establish incident response procedures to quickly recover from kernel panics or crashes caused by this issue, minimizing downtime.
8. Educate system administrators and developers about the implications of using debugging tools like KCSAN in real-time environments to prevent misconfiguration.
Affected Countries
Germany, France, Italy, United Kingdom, Netherlands, Sweden, Finland, Belgium, Poland, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T14:03:06.013Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9823c4522896dcbdf39b
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 12:25:43 PM
Last updated: 8/4/2025, 7:00:55 AM