Описание
In the Linux kernel, the following vulnerability has been resolved:
rcu/nocb: Fix rcuog wake-up from offline softirq
After a CPU has set itself offline and before it eventually calls rcutree_report_cpu_dead(), there are still opportunities for callbacks to be enqueued, for example from a softirq. When that happens on NOCB, the rcuog wake-up is deferred through an IPI to an online CPU in order not to call into the scheduler and risk arming the RT-bandwidth after hrtimers have been migrated out and disabled.
But performing a synchronized IPI from a softirq is buggy as reported in the following scenario:
In the Linux kernel, the following vulnerability has been resolved:
rcu/nocb: Fix rcuog wake-up from offline softirq
After a CPU has set itself offline and before it eventually calls rcutree_report_cpu_dead(), there are still opportunities for callbacks to be enqueued, for example from a softirq. When that happens on NOCB, the rcuog wake-up is deferred through an IPI to an online CPU in order not to call into the scheduler and risk arming the RT-bandwidth after hrtimers have been migrated out and disabled.
But performing a synchronized IPI from a softirq is buggy as reported in the following scenario:
Fix this with forcing deferred rcuog wake up through the NOCB timer when the CPU is offline. The actual wake up will happen from rcutree_report_cpu_dead().
5.5 Medium
CVSS3
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
[REJECTED CVE] In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix rcuog wake-up from offline softirq
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Уязвимость функции __call_rcu_nocb_wake() модуля kernel/rcu/tree_nocb.h подсистемы синхронизации в многопоточных системах ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
5.5 Medium
CVSS3