high
7.8
CWE
416
Advisory Published
Updated

CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug

First published: Wed Feb 12 2025(Updated: )

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE: Since hrtimers_prepare_cpu() does not run, cpu_base.hres_active remains set to 1 throughout. However, during a CPU unplug operation, the tick and the clockevents are shut down at CPUHP_AP_TICK_DYING. On return to the online state, for instance CFS incorrectly assumes that the hrtick is already active, and the chance of the clockevent device to transition to oneshot mode is also lost forever for the CPU, unless it goes back to a lower state than CPUHP_HRTIMERS_PREPARE once. This round-trip reveals another issue; cpu_base.online is not set to 1 after the transition, which appears as a WARN_ON_ONCE in enqueue_hrtimer(). Aside of that, the bulk of the per CPU state is not reset either, which means there are dangling pointers in the worst case. Address this by adding a corresponding startup() callback, which resets the stale per CPU state and sets the online flag. [ tglx: Make the new callback unconditionally available, remove the online modification in the prepare() callback and clear the remaining state in the starting callback instead of the prepare callback ]

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
Linux Kernel
Linux Kernel>=4.19.302<4.20
Linux Kernel>=5.4.264<5.4.290
Linux Kernel>=5.10.204<5.10.234
Linux Kernel>=5.15.143<5.15.177
Linux Kernel>=6.1.68<6.1.127
Linux Kernel>=6.6.7<6.6.74
Linux Kernel>=6.7<6.12.11
Linux Kernel=6.13-rc1
Linux Kernel=6.13-rc2
Linux Kernel=6.13-rc3
Linux Kernel=6.13-rc4
Linux Kernel=6.13-rc5
Linux Kernel=6.13-rc6
Linux Kernel=6.13-rc7

Remedy

https://git.kernel.org/stable/c/14984139f1f2768883332965db566ef26db609e7

Remedy

https://git.kernel.org/stable/c/15b453db41d36184cf0ccc21e7df624014ab6a1a

Remedy

https://git.kernel.org/stable/c/2f8dea1692eef2b7ba6a256246ed82c365fdc686

Remedy

https://git.kernel.org/stable/c/38492f6ee883c7b1d33338bf531a62cff69b4b28

Remedy

https://git.kernel.org/stable/c/3d41dbf82e10c44e53ea602398ab002baec27e75

Remedy

https://git.kernel.org/stable/c/95e4f62df23f4df1ce6ef897d44b8e23c260921a

Remedy

https://git.kernel.org/stable/c/a5cbbea145b400e40540c34816d16d36e0374fbc

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-57951?

    CVE-2024-57951 has a medium severity rating due to its impact on CPU hotplug operations in the Linux kernel.

  • How do I fix CVE-2024-57951?

    To fix CVE-2024-57951, ensure that your Linux kernel is updated to the patched version provided by your distribution.

  • What systems are affected by CVE-2024-57951?

    CVE-2024-57951 affects various versions of the Linux kernel that handle CPU hotplug operations.

  • What are the consequences of exploiting CVE-2024-57951?

    Exploitation of CVE-2024-57951 could lead to incorrect state handling during CPU hotplug, potentially causing system instability.

  • When was CVE-2024-57951 disclosed?

    CVE-2024-57951 was disclosed in 2024 as part of ongoing improvements to the Linux kernel's CPU hotplug functionality.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203