CVE-2024-56641: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

net/smc: initialize close_work early to avoid warning

We encountered a warning that close_work was canceled before initialization.

  WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0
  Workqueue: events smc_lgr_terminate_work [smc]
  RIP: 0010:__flush_work+0x19e/0x1b0
  Call Trace:
   ? __wake_up_common+0x7a/0x190
   ? work_busy+0x80/0x80
   __cancel_work_timer+0xe3/0x160
   smc_close_cancel_work+0x1a/0x70 [smc]
   smc_close_active_abort+0x207/0x360 [smc]
   __smc_lgr_terminate.part.38+0xc8/0x180 [smc]
   process_one_work+0x19e/0x340
   worker_thread+0x30/0x370
   ? process_one_work+0x340/0x340
   kthread+0x117/0x130
   ? __kthread_cancel_work+0x50/0x50
   ret_from_fork+0x22/0x30

This is because when smc_close_cancel_work is triggered, e.g. the RDMA driver is rmmod and the LGR is terminated, the conn->close_work is flushed before initialization, resulting in WARN_ON(!work->func).

  __smc_lgr_terminate             | smc_connect_{rdma|ism}
  -------------------------------------------------------------
                                  | smc_conn_create
                                  | \- smc_lgr_register_conn
  for conn in lgr->conns_all      |
  \- smc_conn_kill                |
     \- smc_close_active_abort    |
        \- smc_close_cancel_work  |
           \- cancel_work_sync    |
              \- __flush_work     |
                   (close_work)   |
                                  | smc_close_init
                                  | \- INIT_WORK(&close_work)

So fix this by initializing close_work before establishing the connection.
AI Analysis
Technical Summary
CVE-2024-56641 is a vulnerability in the Linux kernel's SMC (Shared Memory Communications) subsystem. It concerns when the close_work structure is initialized relative to the SMC connection termination process. The close_work work item can be flushed (canceled) before it has been properly initialized, which triggers the kernel warning WARN_ON(!work->func) in the __flush_work function: the work item's function pointer is null or uninitialized.

The root cause is that during the termination of an SMC logical group (LGR), for example when the RDMA driver is removed (rmmod) and the LGR is terminated, conn->close_work is canceled before the INIT_WORK macro has been called to initialize it. The call stack shows that smc_close_cancel_work calls cancel_work_sync on close_work, which then calls __flush_work, triggering the warning. The fix ensures that close_work is initialized early, before the connection is fully established, which prevents the race condition where close_work is canceled before initialization.

This vulnerability does not appear to allow direct code execution or privilege escalation, but it can cause kernel warnings and potentially unstable kernel behavior due to improper workqueue handling. No known exploits are reported in the wild, and no CVSS score has been assigned yet. The vulnerability affects Linux kernel versions identified by the commit hashes provided, which correspond to recent kernel snapshots or releases around the time of disclosure (December 2024).
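The ordering problem described above, as an added user-space model (not kernel code and not part of the original advisory): the terminate path is interleaved right after the connection is registered, once with the original initialization order and once with the fixed one. The struct layouts and the model_* and run_connect names are hypothetical stand-ins, and the model assumes the work item's func pointer starts out NULL, as the WARN_ON implies.

```c
#include <stdio.h>

struct work { void (*func)(struct work *); };   /* stands in for work_struct */
struct conn { struct work close_work; struct conn *next; };
struct lgr  { struct conn *conns_all; int warnings; };

/* INIT_WORK() stand-in: gives the work item its handler. */
static void close_worker(struct work *w) { (void)w; }
static void model_init_work(struct work *w) { w->func = close_worker; }

/* cancel_work_sync() stand-in: records the WARN_ON(!work->func) condition. */
static void model_cancel_work_sync(struct lgr *l, struct work *w)
{
    if (!w->func)
        l->warnings++;
}

/* smc_lgr_register_conn() stand-in: conn becomes visible in conns_all. */
static void model_register_conn(struct lgr *l, struct conn *c)
{
    c->next = l->conns_all;
    l->conns_all = c;
}

/* __smc_lgr_terminate() stand-in: cancel close_work on every listed conn. */
static void model_lgr_terminate(struct lgr *l)
{
    for (struct conn *c = l->conns_all; c; c = c->next)
        model_cancel_work_sync(l, &c->close_work);
}

/* Runs terminate in the window after registration; returns the warning count. */
int run_connect(int init_before_register)
{
    struct lgr l = { NULL, 0 };
    struct conn c = { { NULL }, NULL };     /* assumption: func starts out NULL */
    if (init_before_register)
        model_init_work(&c.close_work);     /* fixed order */
    model_register_conn(&l, &c);
    model_lgr_terminate(&l);                /* racing terminate, interleaved here */
    if (!init_before_register)
        model_init_work(&c.close_work);     /* original order: too late */
    return l.warnings;
}

int main(void)
{
    printf("init after register: %d, init before register: %d\n",
           run_connect(0), run_connect(1));
    return 0;
}
```

In the kernel the two columns run concurrently, so the original order only warns when terminate happens to land in that window; the model forces the interleaving to make the outcome deterministic.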
Potential Impact
For European organizations relying on Linux servers, especially those using the SMC protocol for high-performance networking or RDMA (Remote Direct Memory Access) drivers, this vulnerability could lead to kernel instability or unexpected warnings that may degrade system reliability. While it does not directly enable remote code execution or privilege escalation, the improper handling of workqueue items could cause system crashes or denial of service in critical network communication paths. Organizations running data centers, cloud infrastructure, or HPC clusters on affected Linux kernel versions might experience service interruptions or require emergency kernel updates. The impact is operational and stability-related rather than a direct security breach, but it could indirectly affect availability and system integrity if exploited or triggered under certain workloads.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Apply the official Linux kernel patches that initialize close_work early in the SMC subsystem before connection establishment.
2) Monitor kernel logs for warnings related to workqueue cancellations or smc_close_cancel_work to detect potential triggering of this issue.
3) Avoid unloading RDMA drivers or terminating SMC logical groups during peak operational hours to reduce risk of triggering the race condition.
4) Test kernel updates in staging environments to ensure stability before production deployment.
5) For critical systems, consider disabling SMC or RDMA features temporarily if patching is delayed and if these features are not essential.
6) Maintain up-to-date kernel versions and subscribe to Linux kernel security advisories to receive timely updates.
7) Employ kernel live patching solutions where possible to reduce downtime during patch application.
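Recommendation 2 as an added example (not part of the original advisory or of any kernel tooling): a small scanner that counts WARNING blocks raised in __flush_work whose call trace reaches smc_close_cancel_work, run over a constructed log excerpt. The function name and the sample lines other than those taken from the trace above are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the advisory's trace, an unrelated __flush_work warning, a stray mention. */
static const char SAMPLE_LOG[] =
    "WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n"
    "Workqueue: events smc_lgr_terminate_work [smc]\n"
    "Call Trace:\n"
    " __cancel_work_timer+0xe3/0x160\n"
    " smc_close_cancel_work+0x1a/0x70 [smc]\n"
    "---[ end trace 0000000000000000 ]---\n"
    "WARNING: CPU: 1 PID: 42 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0\n"
    "Call Trace:\n"
    " example_driver_remove+0x10/0x20 [example]\n"
    "---[ end trace 0000000000000000 ]---\n"
    "audit: note mentioning smc_close_cancel_work outside a warning\n";

/* Count __flush_work WARNING blocks whose trace contains smc_close_cancel_work. */
int count_close_work_warnings(const char *log)
{
    int hits = 0, in_block = 0, counted = 0;
    while (*log) {
        const char *eol = strchr(log, '\n');
        size_t len = eol ? (size_t)(eol - log) : strlen(log);
        char line[256];
        size_t n = len < sizeof(line) - 1 ? len : sizeof(line) - 1;
        memcpy(line, log, n);
        line[n] = '\0';
        if (strstr(line, "WARNING:")) {             /* a new warning block starts */
            in_block = strstr(line, "__flush_work") != NULL;
            counted = 0;
        } else if (in_block && !counted && strstr(line, "smc_close_cancel_work")) {
            hits++;                                 /* count each block once */
            counted = 1;
        } else if (strstr(line, "---[ end trace")) {
            in_block = 0;
        }
        log += len + (eol ? 1 : 0);
    }
    return hits;
}

int main(void)
{
    printf("matching warnings: %d\n", count_close_work_warnings(SAMPLE_LOG));
    return 0;
}
```

Matching on substrings means timestamp prefixes on real log lines do not affect the result.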
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-12-27T15:00:39.839Z
- Cisa Enriched: false
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9822c4522896dcbde449
Added to database: 5/21/2025, 9:08:50 AM
Last enriched: 6/28/2025, 6:27:14 AM
Last updated: 7/31/2025, 1:11:55 PM