Description
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix rcu_read_unlock() deadloop due to IRQ work During rcu_read_unlock_special(), if this happens during irq_exit(), we can lockup if an IPI is issued. This is because the IPI itself triggers the irq_exit() path causing a recursive lock up. This is precisely what Xiongfeng found when invoking a BPF program on the trace_tick_stop() tracepoint As shown in the trace below. Fix by managing the irq_work state correctly. irq_exit() __irq_exit_rcu() /* in_hardirq() returns false after this */ preempt_count_sub(HARDIRQ_OFFSET) tick_irq_exit() tick_nohz_irq_exit() tick_nohz_stop_sched_tick() trace_tick_stop() /* a bpf prog is hooked on this trace point */ __bpf_trace_tick_stop() bpf_trace_run2() rcu_read_unlock_special() /* will send a IPI to itself */ irq_work_queue_on(&rdp->defer_qs_iw, rdp->cpu); A simple reproducer can also be obtained by doing the following in tick_irq_exit(). It will hang on boot without the patch: static inline void tick_irq_exit(void) { + rcu_read_lock(); + WRITE_ONCE(current->rcu_read_unlock_special.b.need_qs, true); + rcu_read_unlock(); + [neeraj: Apply Frederic's suggested fix for PREEMPT_RT]
Details
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Affected Packages
| Software | From version | Fixed in |
|---|---|---|
| linux | — | 6.8.0-100.100 |
| linux-allwinner-5.19 | — | — |
| linux-aws | — | 6.8.0-1046.49 |
| linux-aws-5.0 | — | — |
| linux-aws-5.11 | — | — |
| linux-aws-5.13 | — | — |
| linux-aws-5.15 | — | — |
| linux-aws-5.19 | — | — |
| linux-aws-5.3 | — | — |
| linux-aws-5.4 | — | — |
| linux-aws-5.8 | — | — |
| linux-aws-6.14 | — | — |
| linux-aws-6.2 | — | — |
| linux-aws-6.5 | — | — |
| linux-aws-6.8 | — | 6.8.0-1046.49~22.04.1 |
| linux-aws-fips | — | 6.8.0-1046.49+fips1 |
| linux-aws-hwe | — | — |
| linux-azure | — | 6.8.0-1046.52 |
| linux-azure-4.15 | — | — |
| linux-azure-5.11 | — | — |
| linux-azure-5.13 | — | — |
| linux-azure-5.15 | — | — |
| linux-azure-5.19 | — | — |
| linux-azure-5.3 | — | — |
| linux-azure-5.4 | — | — |
| linux-azure-5.8 | — | — |
| linux-azure-6.11 | — | — |
| linux-azure-6.14 | — | — |
| linux-azure-6.2 | — | — |
| linux-azure-6.5 | — | — |
| linux-azure-6.8 | — | 6.8.0-1051.57~22.04.1 |
| linux-azure-edge | — | — |
| linux-azure-fde | — | — |
| linux-azure-fde-5.15 | — | — |
| linux-azure-fde-5.19 | — | — |
| linux-azure-fde-6.14 | — | — |
| linux-azure-fde-6.17 | — | — |
| linux-azure-fde-6.2 | — | — |
| linux-azure-fde-6.8 | — | — |
| linux-azure-fips | — | 6.8.0-1046.52+fips1 |
| linux-azure-nvidia | — | — |
| linux-azure-nvidia-6.14 | — | — |
| linux-bluefield | — | — |
| linux-fips | — | 6.8.0-100.100+fips1 |
| linux-gcp | — | 6.8.0-1047.50 |
| linux-gcp-4.15 | — | — |
| linux-gcp-5.11 | — | — |
| linux-gcp-5.13 | — | — |
| linux-gcp-5.15 | — | — |
| linux-gcp-5.19 | — | — |
| linux-gcp-5.3 | — | — |
| linux-gcp-5.4 | — | — |
| linux-gcp-5.8 | — | — |
| linux-gcp-6.11 | — | — |
| linux-gcp-6.14 | — | — |
| linux-gcp-6.2 | — | — |
| linux-gcp-6.5 | — | — |
| linux-gcp-6.8 | — | 6.8.0-1047.50~22.04.2 |
| linux-gcp-fips | — | 6.8.0-1047.50+fips1 |
| linux-gke | — | 6.8.0-1043.48 |
| linux-gke-4.15 | — | — |
| linux-gke-5.15 | — | — |
| linux-gke-5.4 | — | — |
| linux-gkeop | — | 6.8.0-1030.33 |
| linux-gkeop-5.15 | — | — |
| linux-gkeop-5.4 | — | — |
| linux-hwe | — | — |
| linux-hwe-5.11 | — | — |
| linux-hwe-5.13 | — | — |
| linux-hwe-5.15 | — | — |
| linux-hwe-5.19 | — | — |
| linux-hwe-5.4 | — | — |
| linux-hwe-5.8 | — | — |
| linux-hwe-6.11 | — | — |
| linux-hwe-6.14 | — | — |
| linux-hwe-6.2 | — | — |
| linux-hwe-6.5 | — | — |
| linux-hwe-6.8 | — | 6.8.0-100.100~22.04.1 |
| linux-hwe-edge | — | — |
| linux-ibm | — | 6.8.0-1044.44 |
| linux-ibm-5.15 | — | — |
| linux-ibm-5.4 | — | — |
| linux-ibm-6.8 | — | 6.8.0-1044.44~22.04.1 |
| linux-intel | — | — |
| linux-intel-5.13 | — | — |
| linux-intel-iot-realtime | — | — |
| linux-intel-iotg | — | — |
| linux-intel-iotg-5.15 | — | — |
| linux-iot | — | — |
| linux-kvm | — | — |
| linux-lowlatency | — | 6.8.0-100.100.1 |
| linux-lowlatency-hwe-5.15 | — | — |
| linux-lowlatency-hwe-5.19 | — | — |
| linux-lowlatency-hwe-6.11 | — | — |
| linux-lowlatency-hwe-6.2 | — | — |
| linux-lowlatency-hwe-6.5 | — | — |
| linux-lowlatency-hwe-6.8 | — | 6.8.0-100.100.1~22.04.1 |
| linux-lts-xenial | — | — |
| linux-nvidia | — | 6.8.0-1046.49 |
| linux-nvidia-6.11 | — | — |
| linux-nvidia-6.2 | — | — |
| linux-nvidia-6.5 | — | — |
| linux-nvidia-6.8 | — | 6.8.0-1046.49~22.04.1 |
| linux-nvidia-lowlatency | — | 6.8.0-1046.49.1 |
| linux-nvidia-tegra | — | 6.8.0-1020.20 |
| linux-nvidia-tegra-5.15 | — | — |
| linux-nvidia-tegra-igx | — | — |
| linux-oem | — | — |
| linux-oem-5.10 | — | — |
| linux-oem-5.13 | — | — |
| linux-oem-5.14 | — | — |
| linux-oem-5.17 | — | — |
| linux-oem-5.6 | — | — |
| linux-oem-6.0 | — | — |
| linux-oem-6.1 | — | — |
| linux-oem-6.11 | — | — |
| linux-oem-6.14 | — | — |
| linux-oem-6.5 | — | — |
| linux-oem-6.8 | — | — |
| linux-oracle | — | 6.8.0-1043.44 |
| linux-oracle-5.0 | — | — |
| linux-oracle-5.11 | — | — |
| linux-oracle-5.13 | — | — |
| linux-oracle-5.15 | — | — |
| linux-oracle-5.3 | — | — |
| linux-oracle-5.4 | — | — |
| linux-oracle-5.8 | — | — |
| linux-oracle-6.14 | — | — |
| linux-oracle-6.5 | — | — |
| linux-oracle-6.8 | — | 6.8.0-1043.44~22.04.1 |
| linux-raspi | — | 6.8.0-1047.51 |
| linux-raspi-5.4 | — | — |
| linux-raspi-realtime | — | 6.8.0-2037.38 |
| linux-raspi2 | — | — |
| linux-realtime | — | 6.8.1-1041.42 |
| linux-realtime-6.14 | — | — |
| linux-realtime-6.8 | — | 6.8.1-1041.42~22.04.1 |
| linux-riscv | — | — |
| linux-riscv-5.11 | — | — |
| linux-riscv-5.15 | — | — |
| linux-riscv-5.19 | — | — |
| linux-riscv-5.8 | — | — |
| linux-riscv-6.14 | — | — |
| linux-riscv-6.5 | — | — |
| linux-riscv-6.8 | — | 6.8.0-100.100~22.04.1 |
| linux-starfive-5.19 | — | — |
| linux-starfive-6.2 | — | — |
| linux-starfive-6.5 | — | — |
| linux-xilinx | — | 6.8.0-1023.24 |
| linux-xilinx-zynqmp | — | — |
References
Similar Threats
- Unknown CGA-23jx-hhcx-m389
- Unknown CGA-2qp7-6757-fmgc
- Unknown CGA-2rj5-jc55-r267
- Unknown CGA-3m96-cwq8-6xmx
- Unknown CGA-3qj9-973w-fh9g
Exploit Protection
Help block exploit attempts
BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.
Try BotEraser Free →No credit card required · Results in minutes
ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.