CVE-2024-57977: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process A soft lockup issue was found in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered. watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066] CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G Hardware name: Huawei Cloud OpenStack Nova, BIOS RIP: 0010:console_unlock+0x343/0x540 RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247 RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040 R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0 R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vprintk_emit+0x193/0x280 printk+0x52/0x6e dump_task+0x114/0x130 mem_cgroup_scan_tasks+0x76/0x100 dump_header+0x1fe/0x210 oom_kill_process+0xd1/0x100 out_of_memory+0x125/0x570 mem_cgroup_out_of_memory+0xb5/0xd0 try_charge+0x720/0x770 mem_cgroup_try_charge+0x86/0x180 mem_cgroup_try_charge_delay+0x1c/0x40 do_anonymous_page+0xb5/0x390 handle_mm_fault+0xc4/0x1f0 This is because thousands of processes are in the OOM cgroup, it takes a long time to traverse all of them. As a result, this lead to soft lockup in the OOM process. To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks' function per 1000 iterations. For global OOM, call 'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
AI Analysis
Technical Summary
CVE-2024-57977 is a vulnerability identified in the Linux kernel related to the memory control group (memcg) subsystem, specifically affecting the Out-Of-Memory (OOM) handling process. The issue arises when a very large number of tasks—approximately 56,000—are present in the OOM cgroup. During the OOM process, the kernel traverses all tasks in this cgroup to determine which process to kill to free memory. However, the traversal of such a large number of tasks causes a soft lockup, where the CPU becomes unresponsive for an extended period (e.g., 23 seconds as observed in the provided kernel logs). This soft lockup is triggered because the kernel does not yield the CPU or reset the watchdog timer during the lengthy traversal, causing the watchdog to detect the CPU as stuck. The root cause is that the mem_cgroup_scan_tasks function, which iterates over tasks in the OOM cgroup, does not periodically call scheduling or watchdog reset functions, leading to the CPU being monopolized for too long. The fix implemented involves inserting calls to cond_resched() every 1000 iterations within mem_cgroup_scan_tasks to allow the scheduler to reschedule other tasks and calling touch_softlockup_watchdog() during global OOM scanning to reset the watchdog timer. This prevents the CPU soft lockup by ensuring the kernel yields and the watchdog is refreshed during long task traversals. This vulnerability affects Linux kernel versions identified by the commit hash 9cbb78bb314360a860a8b23723971cb6fcb54176 and likely other versions with similar memcg OOM handling implementations. The vulnerability does not appear to have known exploits in the wild yet and does not have an assigned CVSS score. However, it can cause system instability and unresponsiveness under specific high-load conditions involving large numbers of processes in the OOM cgroup. The vulnerability is particularly relevant for environments running Linux kernels with memcg enabled and managing large numbers of processes, such as cloud infrastructure, container orchestration platforms, and large-scale virtualized environments.
Potential Impact
For European organizations, the impact of CVE-2024-57977 can be significant in environments relying heavily on Linux-based infrastructure, especially those using containerization (e.g., Docker, Kubernetes) or cloud platforms that utilize cgroups for resource management. The soft lockup can lead to temporary system unresponsiveness, degraded performance, or even service outages if the OOM killer process becomes stuck. This can affect critical services, including web hosting, cloud services, financial transaction processing, and industrial control systems that depend on Linux servers. Organizations operating large-scale compute clusters or multi-tenant cloud environments are at higher risk, as they are more likely to encounter scenarios with thousands of processes in OOM cgroups. The resulting instability could lead to denial of service conditions, impacting availability and potentially causing cascading failures in dependent systems. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can disrupt business operations and service level agreements. Given the widespread use of Linux in European data centers, telecom infrastructure, and government systems, this vulnerability poses a moderate to high operational risk if left unpatched, especially in high-density compute environments.
Mitigation Recommendations
To mitigate CVE-2024-57977, European organizations should: 1. Apply the official Linux kernel patches that introduce calls to cond_resched() and touch_softlockup_watchdog() in the mem_cgroup_scan_tasks function as soon as they become available. This is the definitive fix to prevent soft lockups during OOM processing. 2. Monitor system logs for soft lockup warnings related to the OOM killer or memcg subsystem to detect potential occurrences of this issue. 3. Limit the number of processes within a single OOM cgroup where feasible, by restructuring workloads or cgroup configurations to avoid extremely large task counts that trigger the vulnerability. 4. Implement resource quotas and limits on containers and virtual machines to prevent runaway process creation that could lead to large OOM cgroups. 5. Use kernel versions that have backported this fix if upgrading to the latest mainline kernel is not immediately possible. 6. In cloud or container orchestration environments, review and adjust OOM handling policies and cgroup configurations to minimize the risk of large OOM cgroups. 7. Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production. These steps go beyond generic advice by focusing on workload and cgroup management strategies specific to this vulnerability's trigger conditions.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Poland, Italy, Spain
CVE-2024-57977: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process A soft lockup issue was found in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered. watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066] CPU: 2 PID: 1503066 Comm: VM Thread Kdump: loaded Tainted: G Hardware name: Huawei Cloud OpenStack Nova, BIOS RIP: 0010:console_unlock+0x343/0x540 RSP: 0000:ffffb751447db9a0 EFLAGS: 00000247 ORIG_RAX: ffffffffffffff13 RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000ffffffff RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000247 RBP: ffffffffafc71f90 R08: 0000000000000000 R09: 0000000000000040 R10: 0000000000000080 R11: 0000000000000000 R12: ffffffffafc74bd0 R13: ffffffffaf60a220 R14: 0000000000000247 R15: 0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f2fe6ad91f0 CR3: 00000004b2076003 CR4: 0000000000360ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vprintk_emit+0x193/0x280 printk+0x52/0x6e dump_task+0x114/0x130 mem_cgroup_scan_tasks+0x76/0x100 dump_header+0x1fe/0x210 oom_kill_process+0xd1/0x100 out_of_memory+0x125/0x570 mem_cgroup_out_of_memory+0xb5/0xd0 try_charge+0x720/0x770 mem_cgroup_try_charge+0x86/0x180 mem_cgroup_try_charge_delay+0x1c/0x40 do_anonymous_page+0xb5/0x390 handle_mm_fault+0xc4/0x1f0 This is because thousands of processes are in the OOM cgroup, it takes a long time to traverse all of them. As a result, this lead to soft lockup in the OOM process. To fix this issue, call 'cond_resched' in the 'mem_cgroup_scan_tasks' function per 1000 iterations. For global OOM, call 'touch_softlockup_watchdog' per 1000 iterations to avoid this issue.
AI-Powered Analysis
Technical Analysis
CVE-2024-57977 is a vulnerability identified in the Linux kernel related to the memory control group (memcg) subsystem, specifically affecting the Out-Of-Memory (OOM) handling process. The issue arises when a very large number of tasks—approximately 56,000—are present in the OOM cgroup. During the OOM process, the kernel traverses all tasks in this cgroup to determine which process to kill to free memory. However, the traversal of such a large number of tasks causes a soft lockup, where the CPU becomes unresponsive for an extended period (e.g., 23 seconds as observed in the provided kernel logs). This soft lockup is triggered because the kernel does not yield the CPU or reset the watchdog timer during the lengthy traversal, causing the watchdog to detect the CPU as stuck. The root cause is that the mem_cgroup_scan_tasks function, which iterates over tasks in the OOM cgroup, does not periodically call scheduling or watchdog reset functions, leading to the CPU being monopolized for too long. The fix implemented involves inserting calls to cond_resched() every 1000 iterations within mem_cgroup_scan_tasks to allow the scheduler to reschedule other tasks and calling touch_softlockup_watchdog() during global OOM scanning to reset the watchdog timer. This prevents the CPU soft lockup by ensuring the kernel yields and the watchdog is refreshed during long task traversals. This vulnerability affects Linux kernel versions identified by the commit hash 9cbb78bb314360a860a8b23723971cb6fcb54176 and likely other versions with similar memcg OOM handling implementations. The vulnerability does not appear to have known exploits in the wild yet and does not have an assigned CVSS score. However, it can cause system instability and unresponsiveness under specific high-load conditions involving large numbers of processes in the OOM cgroup. The vulnerability is particularly relevant for environments running Linux kernels with memcg enabled and managing large numbers of processes, such as cloud infrastructure, container orchestration platforms, and large-scale virtualized environments.
Potential Impact
For European organizations, the impact of CVE-2024-57977 can be significant in environments relying heavily on Linux-based infrastructure, especially those using containerization (e.g., Docker, Kubernetes) or cloud platforms that utilize cgroups for resource management. The soft lockup can lead to temporary system unresponsiveness, degraded performance, or even service outages if the OOM killer process becomes stuck. This can affect critical services, including web hosting, cloud services, financial transaction processing, and industrial control systems that depend on Linux servers. Organizations operating large-scale compute clusters or multi-tenant cloud environments are at higher risk, as they are more likely to encounter scenarios with thousands of processes in OOM cgroups. The resulting instability could lead to denial of service conditions, impacting availability and potentially causing cascading failures in dependent systems. While this vulnerability does not directly expose confidentiality or integrity risks, the availability impact can disrupt business operations and service level agreements. Given the widespread use of Linux in European data centers, telecom infrastructure, and government systems, this vulnerability poses a moderate to high operational risk if left unpatched, especially in high-density compute environments.
Mitigation Recommendations
To mitigate CVE-2024-57977, European organizations should: 1. Apply the official Linux kernel patches that introduce calls to cond_resched() and touch_softlockup_watchdog() in the mem_cgroup_scan_tasks function as soon as they become available. This is the definitive fix to prevent soft lockups during OOM processing. 2. Monitor system logs for soft lockup warnings related to the OOM killer or memcg subsystem to detect potential occurrences of this issue. 3. Limit the number of processes within a single OOM cgroup where feasible, by restructuring workloads or cgroup configurations to avoid extremely large task counts that trigger the vulnerability. 4. Implement resource quotas and limits on containers and virtual machines to prevent runaway process creation that could lead to large OOM cgroups. 5. Use kernel versions that have backported this fix if upgrading to the latest mainline kernel is not immediately possible. 6. In cloud or container orchestration environments, review and adjust OOM handling policies and cgroup configurations to minimize the risk of large OOM cgroups. 7. Conduct thorough testing of kernel updates in staging environments to ensure stability before deployment in production. These steps go beyond generic advice by focusing on workload and cgroup management strategies specific to this vulnerability's trigger conditions.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-27T02:04:28.912Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdeb7c
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 9:26:55 AM
Last updated: 8/13/2025, 10:07:40 AM
Views: 16
Related Threats
CVE-2025-9053: SQL Injection in projectworlds Travel Management System
MediumCVE-2025-9052: SQL Injection in projectworlds Travel Management System
MediumPlex warns users to patch security vulnerability immediately
HighCVE-2025-9019: Heap-based Buffer Overflow in tcpreplay
LowCVE-2025-9017: Cross Site Scripting in PHPGurukul Zoo Management System
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.