
CVE-2024-57951: Vulnerability in Linux Linux

High
Published: Wed Feb 12 2025 (02/12/2025, 13:27:53 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

hrtimers: Handle CPU state correctly on hotplug

Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE:

Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online state, for instance CFS incorrectly assumes that the hrtick is already active, and the chance of the clockevent device to transition to oneshot mode is also lost forever for the CPU, unless it goes back to a lower state than CPUHP_HRTIMERS_PREPARE once.

This round-trip reveals another issue; cpu_base.online is not set to 1 after the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer().

Aside of that, the bulk of the per CPU state is not reset either, which means there are dangling pointers in the worst case.

Address this by adding a corresponding startup() callback, which resets the stale per CPU state and sets the online flag.

[ tglx: Make the new callback unconditionally available, remove the online modification in the prepare() callback and clear the remaining state in the starting callback instead of the prepare callback ]

AI-Powered Analysis

Last updated: 06/27/2025, 22:57:28 UTC

Technical Analysis

CVE-2024-57951 is a vulnerability in the Linux kernel's high-resolution timer (hrtimers) subsystem caused by improper handling of CPU state transitions during CPU hotplug operations. When a CPU goes from the online state (CPUHP_ONLINE) partway through a hot unplug, down to CPUHP_HRTIMERS_PREPARE, and then back online, the kernel fails to reset certain per-CPU state. hrtimers_prepare_cpu() does not run during this round trip, so cpu_base.hres_active stays set to 1, even though the tick and clockevent devices were shut down at CPUHP_AP_TICK_DYING during the unplug. Once the CPU is back online, the Completely Fair Scheduler (CFS) wrongly assumes the hrtick is active, and the clockevent device permanently loses the chance to switch to one-shot mode unless the CPU later drops to a state lower than CPUHP_HRTIMERS_PREPARE. In addition, cpu_base.online is not set back to 1 after the transition, which triggers a WARN_ON_ONCE in enqueue_hrtimer(). The rest of the per-CPU state is not reset either, which can leave dangling pointers and potentially cause kernel instability or crashes. The fix adds a startup callback that resets the stale per-CPU state and sets the online flag. The vulnerability affects multiple Linux kernel versions identified by specific commit hashes and was published on February 12, 2025. No exploits are known in the wild, and no CVSS score has been assigned yet.
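The round trip described above, reduced to a toy state machine (an added example, not kernel code and not part of the original advisory). The callback names, the `oneshot` field and the folding of the dying phase into a single `TICK_DYING` step are assumptions of the model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy hotplug ladder: only the states the advisory names, lowest first. */
enum { OFFLINE, HRTIMERS_PREPARE, TICK_DYING, ONLINE, NSTATES };
/* Per-CPU model; "oneshot" stands in for the clockevent device mode. */
struct base { bool hres_active, online, oneshot; };
typedef void (*cb_t)(struct base *);

/* Hypothetical callbacks, named after their role rather than kernel symbols. */
static void prepare_old(struct base *b) { b->hres_active = false; b->online = true; }
static void prepare_new(struct base *b) { (void)b; /* no longer touches online */ }
static void starting_new(struct base *b) { b->hres_active = false; b->online = true; }
/* Assumption: online is cleared in the same dying phase that stops the tick. */
static void dying(struct base *b) { b->online = false; b->oneshot = false; }

/* The high-res switch is attempted only while hres_active is still 0. */
static void try_switch_to_hres(struct base *b)
{
    if (b->hres_active) return;   /* believed active already: nothing happens */
    b->hres_active = b->oneshot = true;
}

/* Going down runs teardown for the states above the target; going up runs
 * startup for the states above the starting point, never for that point. */
static void walk(struct base *b, int from, int to, cb_t up[], cb_t down[])
{
    for (int s = from; s > to; s--) if (down[s]) down[s](b);
    for (int s = from + 1; s <= to; s++) if (up[s]) up[s](b);
}

/* Boot, then ONLINE -> HRTIMERS_PREPARE -> ONLINE; returns the final state. */
struct base round_trip(bool fixed)
{
    cb_t up[NSTATES] = {0}, down[NSTATES] = {0};
    struct base b = {0};
    up[HRTIMERS_PREPARE] = fixed ? prepare_new : prepare_old;
    if (fixed) up[TICK_DYING] = starting_new;   /* the added startup callback */
    down[TICK_DYING] = dying;
    walk(&b, OFFLINE, ONLINE, up, down);          try_switch_to_hres(&b);
    walk(&b, ONLINE, HRTIMERS_PREPARE, up, down); /* partial hot unplug */
    walk(&b, HRTIMERS_PREPARE, ONLINE, up, down); try_switch_to_hres(&b);
    return b;
}

int main(void)
{
    struct base old = round_trip(false), fix = round_trip(true);
    printf("unpatched: hres_active=%d online=%d oneshot=%d\n", old.hres_active, old.online, old.oneshot);
    printf("patched:   hres_active=%d online=%d oneshot=%d\n", fix.hres_active, fix.online, fix.oneshot);
    return 0;
}
```

In the unpatched run the prepare callback is skipped on the way back up, so the model ends with hres_active still set, online cleared and the clockevent never returned to one-shot mode; with the added starting callback all three are consistent again.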

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions that utilize CPU hotplug functionality, common in high-availability servers, cloud infrastructure, and virtualized environments. Improper CPU state handling can lead to kernel warnings, instability, or crashes, potentially causing denial of service (DoS) conditions. This may disrupt critical services, especially in data centers or cloud platforms heavily reliant on Linux-based systems. While no direct remote code execution or privilege escalation is indicated, the instability could be exploited by local attackers or malicious processes to degrade system reliability. Given the widespread use of Linux in European enterprises, telecommunications, and government infrastructure, the vulnerability could impact service continuity and operational resilience. The lack of known exploits reduces immediate risk, but unpatched systems remain vulnerable to accidental or targeted disruption. Organizations with dynamic CPU management or those employing CPU hotplug for power management or maintenance are particularly at risk.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch addressing CVE-2024-57951. Since the vulnerability relates to CPU hotplug handling, administrators should audit systems that use CPU hotplug features, especially in virtualized or containerized environments. Specific mitigation steps include:

1) Applying vendor-provided kernel updates or patches promptly;
2) Testing kernel updates in staging environments to ensure compatibility with CPU hotplug operations;
3) Monitoring kernel logs for WARN_ON_ONCE messages related to hrtimers or CPU state transitions as indicators of potential exploitation or instability;
4) Limiting CPU hotplug usage where feasible until patches are applied;
5) Employing kernel hardening and integrity monitoring tools to detect anomalous behavior;
6) Ensuring backup and recovery procedures are robust to mitigate potential service disruptions caused by kernel instability.

Additionally, organizations should maintain close communication with Linux distribution vendors for timely security advisories and patches.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-01-19T11:50:08.381Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d9820c4522896dcbdd216

Added to database: 5/21/2025, 9:08:48 AM

Last enriched: 6/27/2025, 10:57:28 PM

Last updated: 8/11/2025, 11:43:25 AM
