CVE-2024-58004: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path and free corresponding memory. [ 30.634378] l7 kernel: list_add corruption. prev->next should be next (ffffffff9645e960), but was 0000000100100001. (prev=ffff8e9e877e20a8). [ 30.634388] l7 kernel: WARNING: CPU: 2 PID: 2008 at lib/list_debug.c:32 __list_add_valid_or_report+0x83/0xa0 <snip> [ 30.634640] l7 kernel: Call Trace: [ 30.634650] l7 kernel: <TASK> [ 30.634659] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634669] l7 kernel: ? __warn.cold+0x93/0xf6 [ 30.634678] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634690] l7 kernel: ? report_bug+0xff/0x140 [ 30.634702] l7 kernel: ? handle_bug+0x58/0x90 [ 30.634712] l7 kernel: ? exc_invalid_op+0x17/0x70 [ 30.634723] l7 kernel: ? asm_exc_invalid_op+0x1a/0x20 [ 30.634733] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634742] l7 kernel: plist_add+0xdd/0x140 [ 30.634754] l7 kernel: pm_qos_update_target+0xa0/0x1f0 [ 30.634764] l7 kernel: cpu_latency_qos_update_request+0x61/0xc0 [ 30.634773] l7 kernel: intel_dp_aux_xfer+0x4c7/0x6e0 [i915 1f824655ed04687c2b0d23dbce759fa785f6d033]
AI Analysis
Technical Summary
CVE-2024-58004 is a vulnerability identified in the Linux kernel specifically affecting the media subsystem related to Intel's IPU6 (Image Processing Unit 6). The issue arises from improper handling of CPU latency Quality of Service (QoS) requests during error conditions. When an error occurs, the kernel fails to remove the CPU latency QoS request and free the associated memory, leading to corruption of the CPU latency QoS linked list. This corruption manifests as invalid pointer references and list structure inconsistencies, causing kernel warnings and potential instability. The kernel logs indicate list_add corruption where the previous node's next pointer is incorrect, triggering kernel warnings and call traces related to list management functions such as __list_add_valid_or_report and pm_qos_update_target. The vulnerability is rooted in the failure to properly clean up QoS requests on error paths, which can lead to memory corruption and potentially kernel crashes or undefined behavior. The affected code paths involve the Intel graphics driver (i915) and the CPU latency QoS subsystem, which are critical for managing performance and power characteristics. Although no known exploits are reported in the wild, the flaw could be leveraged to cause denial of service or potentially escalate privileges if combined with other vulnerabilities. The vulnerability affects specific Linux kernel versions identified by commit hashes, and a patch has been released to remove the CPU latency QoS request on error, preventing list corruption and memory leaks.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with Intel IPU6 hardware and the i915 graphics driver enabled. The impact includes potential system instability, kernel panics, or denial of service due to kernel memory corruption. This can disrupt critical services, especially in environments relying on Linux servers for media processing, graphics workloads, or embedded systems using Intel IPU6 technology. Confidentiality and integrity impacts are limited unless combined with other vulnerabilities, but availability is at risk due to possible kernel crashes. Organizations in sectors such as telecommunications, media production, cloud service providers, and industrial control systems that deploy affected Linux kernels could experience operational disruptions. Given the kernel-level nature of the flaw, exploitation could affect a wide range of Linux distributions commonly used in Europe, including Ubuntu, Debian, Red Hat, and SUSE, particularly on Intel hardware platforms. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation and maintain system reliability.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-58004. Specifically, they should track vendor advisories and apply kernel updates that remove the CPU latency QoS request on error paths to prevent list corruption. System administrators should audit their environments for the presence of Intel IPU6 hardware and the i915 driver usage to assess exposure. In environments where immediate patching is not feasible, consider disabling or limiting the use of CPU latency QoS features related to Intel IPU6, if possible, to reduce risk. Monitoring kernel logs for warnings related to list corruption or CPU latency QoS can help detect attempts to trigger the vulnerability. Additionally, implementing robust kernel crash recovery and system monitoring can mitigate operational impacts. For critical systems, testing kernel updates in staging environments before deployment is recommended to ensure stability. Finally, maintain a comprehensive inventory of Linux kernel versions and hardware configurations to facilitate rapid response to such vulnerabilities.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
CVE-2024-58004: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: remove cpu latency qos request on error Fix cpu latency qos list corruption like below. It happens when we do not remove cpu latency request on error path and free corresponding memory. [ 30.634378] l7 kernel: list_add corruption. prev->next should be next (ffffffff9645e960), but was 0000000100100001. (prev=ffff8e9e877e20a8). [ 30.634388] l7 kernel: WARNING: CPU: 2 PID: 2008 at lib/list_debug.c:32 __list_add_valid_or_report+0x83/0xa0 <snip> [ 30.634640] l7 kernel: Call Trace: [ 30.634650] l7 kernel: <TASK> [ 30.634659] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634669] l7 kernel: ? __warn.cold+0x93/0xf6 [ 30.634678] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634690] l7 kernel: ? report_bug+0xff/0x140 [ 30.634702] l7 kernel: ? handle_bug+0x58/0x90 [ 30.634712] l7 kernel: ? exc_invalid_op+0x17/0x70 [ 30.634723] l7 kernel: ? asm_exc_invalid_op+0x1a/0x20 [ 30.634733] l7 kernel: ? __list_add_valid_or_report+0x83/0xa0 [ 30.634742] l7 kernel: plist_add+0xdd/0x140 [ 30.634754] l7 kernel: pm_qos_update_target+0xa0/0x1f0 [ 30.634764] l7 kernel: cpu_latency_qos_update_request+0x61/0xc0 [ 30.634773] l7 kernel: intel_dp_aux_xfer+0x4c7/0x6e0 [i915 1f824655ed04687c2b0d23dbce759fa785f6d033]
AI-Powered Analysis
Technical Analysis
CVE-2024-58004 is a vulnerability identified in the Linux kernel specifically affecting the media subsystem related to Intel's IPU6 (Image Processing Unit 6). The issue arises from improper handling of CPU latency Quality of Service (QoS) requests during error conditions. When an error occurs, the kernel fails to remove the CPU latency QoS request and free the associated memory, leading to corruption of the CPU latency QoS linked list. This corruption manifests as invalid pointer references and list structure inconsistencies, causing kernel warnings and potential instability. The kernel logs indicate list_add corruption where the previous node's next pointer is incorrect, triggering kernel warnings and call traces related to list management functions such as __list_add_valid_or_report and pm_qos_update_target. The vulnerability is rooted in the failure to properly clean up QoS requests on error paths, which can lead to memory corruption and potentially kernel crashes or undefined behavior. The affected code paths involve the Intel graphics driver (i915) and the CPU latency QoS subsystem, which are critical for managing performance and power characteristics. Although no known exploits are reported in the wild, the flaw could be leveraged to cause denial of service or potentially escalate privileges if combined with other vulnerabilities. The vulnerability affects specific Linux kernel versions identified by commit hashes, and a patch has been released to remove the CPU latency QoS request on error, preventing list corruption and memory leaks.
Potential Impact
For European organizations, this vulnerability poses a risk primarily to systems running affected Linux kernel versions with Intel IPU6 hardware and the i915 graphics driver enabled. The impact includes potential system instability, kernel panics, or denial of service due to kernel memory corruption. This can disrupt critical services, especially in environments relying on Linux servers for media processing, graphics workloads, or embedded systems using Intel IPU6 technology. Confidentiality and integrity impacts are limited unless combined with other vulnerabilities, but availability is at risk due to possible kernel crashes. Organizations in sectors such as telecommunications, media production, cloud service providers, and industrial control systems that deploy affected Linux kernels could experience operational disruptions. Given the kernel-level nature of the flaw, exploitation could affect a wide range of Linux distributions commonly used in Europe, including Ubuntu, Debian, Red Hat, and SUSE, particularly on Intel hardware platforms. The lack of known exploits reduces immediate risk, but the vulnerability should be addressed promptly to prevent potential exploitation and maintain system reliability.
Mitigation Recommendations
European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2024-58004. Specifically, they should track vendor advisories and apply kernel updates that remove the CPU latency QoS request on error paths to prevent list corruption. System administrators should audit their environments for the presence of Intel IPU6 hardware and the i915 driver usage to assess exposure. In environments where immediate patching is not feasible, consider disabling or limiting the use of CPU latency QoS features related to Intel IPU6, if possible, to reduce risk. Monitoring kernel logs for warnings related to list corruption or CPU latency QoS can help detect attempts to trigger the vulnerability. Additionally, implementing robust kernel crash recovery and system monitoring can mitigate operational impacts. For critical systems, testing kernel updates in staging environments before deployment is recommended to ensure stability. Finally, maintain a comprehensive inventory of Linux kernel versions and hardware configurations to facilitate rapid response to such vulnerabilities.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2025-02-27T02:10:48.226Z
- Cisa Enriched
- false
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9823c4522896dcbdec93
Added to database: 5/21/2025, 9:08:51 AM
Last enriched: 6/28/2025, 9:55:09 AM
Last updated: 7/28/2025, 2:25:53 PM
Views: 9
Related Threats
CVE-2025-8982: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-8981: SQL Injection in itsourcecode Online Tour and Travel Management System
MediumCVE-2025-50862: n/a
MediumCVE-2025-50861: n/a
HighCVE-2025-8978: Insufficient Verification of Data Authenticity in D-Link DIR-619L
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.