113 Star 72 Fork 311

src-openEuler/kernel

CVE-2024-56583

已完成
CVE和安全问题 拥有者
创建于  
2024-12-28 00:02

一、漏洞信息
漏洞编号:CVE-2024-56583
漏洞归属组件:kernel
漏洞归属的版本:4.19.140,4.19.194,4.19.90,5.10.0,6.1.19,6.4.0,6.6.0
CVSS V3.0分值:
BaseScore:N/A None
Vector:CVSS:3.0/
漏洞简述:
In the Linux kernel, the following vulnerability has been resolved:sched/deadline: Fix warning in migrate_enable for boosted tasksWhen running the following command:while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quietdonea warning is eventually triggered:WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794setup_new_dl_entity+0x13e/0x180...Call Trace: ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92bThis warning occurs because set_cpus_allowed dequeues and enqueues taskswith the ENQUEUE_RESTORE flag set. If the task is boosted, the warningis triggered. A boosted task already had its parameters set byrt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,hence the WARN_ON call.Check if we are requeueing a boosted task and avoid callingsetup_new_dl_entity if that s the case.
漏洞公开时间:2024-12-27 23:15:17
漏洞创建时间:2024-12-28 00:02:26
漏洞详情参考链接:
https://nvd.nist.gov/vuln/detail/CVE-2024-56583

更多参考(点击展开)
参考来源 参考链接 来源链接
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/b600d30402854415aa57548a6b53dc6478f65517
416baaa9-dc9f-4396-8d5f-8c081fb06d67 https://git.kernel.org/stable/c/e41074904d9ed3fe582d6e544c77b40c22043c82
suse_bugzilla http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-56583 https://bugzilla.suse.com/show_bug.cgi?id=1235118
suse_bugzilla https://www.cve.org/CVERecord?id=CVE-2024-56583 https://bugzilla.suse.com/show_bug.cgi?id=1235118
suse_bugzilla https://git.kernel.org/stable/c/0664e2c311b9fa43b33e3e81429cd0c2d7f9c638 https://bugzilla.suse.com/show_bug.cgi?id=1235118
suse_bugzilla https://git.kernel.org/stable/c/b600d30402854415aa57548a6b53dc6478f65517 https://bugzilla.suse.com/show_bug.cgi?id=1235118
suse_bugzilla https://git.kernel.org/stable/c/e41074904d9ed3fe582d6e544c77b40c22043c82 https://bugzilla.suse.com/show_bug.cgi?id=1235118
suse_bugzilla https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-56583.mbox https://bugzilla.suse.com/show_bug.cgi?id=1235118
suse_bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=2334485 https://bugzilla.suse.com/show_bug.cgi?id=1235118
debian https://security-tracker.debian.org/tracker/CVE-2024-56583
anolis https://anas.openanolis.cn/cves/detail/CVE-2024-56583
mageia http://advisories.mageia.org/MGASA-2025-0030.html

漏洞分析指导链接:
https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
漏洞数据来源:
openBrain开源漏洞感知系统
漏洞补丁信息:

详情(点击展开)
影响的包 修复版本 修复补丁 问题引入补丁 来源
linux_kernel 6.6.66 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b600d30402854415aa57548a6b53dc6478f65517Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=295d6d5e373607729bcc8182c25afe964655714f linuxkernelcves
linux_kernel 6.12.5 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e41074904d9ed3fe582d6e544c77b40c22043c82Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=295d6d5e373607729bcc8182c25afe964655714f linuxkernelcves
linux_kernel 6.13-rc3 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0664e2c311b9fa43b33e3e81429cd0c2d7f9c638Issue https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=295d6d5e373607729bcc8182c25afe964655714f linuxkernelcves

二、漏洞分析结构反馈
影响性分析说明:
In the Linux kernel, the following vulnerability has been resolved:sched/deadline: Fix warning in migrate_enable for boosted tasksWhen running the following command:while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quietdonea warning is eventually triggered:WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794setup_new_dl_entity+0x13e/0x180...Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92bThis warning occurs because set_cpus_allowed dequeues and enqueues taskswith the ENQUEUE_RESTORE flag set. If the task is boosted, the warningis triggered. A boosted task already had its parameters set byrt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary,hence the WARN_ON call.Check if we are requeueing a boosted task and avoid callingsetup_new_dl_entity if that's the case.The Linux kernel CVE team has assigned CVE-2024-56583 to this issue.
openEuler评分:
5.5
Vector:CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
受影响版本排查(受影响/不受影响):
1.openEuler-20.03-LTS-SP4(4.19.90):受影响
2.openEuler-22.03-LTS-SP1(5.10.0):受影响
3.openEuler-22.03-LTS-SP3(5.10.0):受影响
4.openEuler-22.03-LTS-SP4(5.10.0):受影响
5.openEuler-24.03-LTS(6.6.0):受影响
6.openEuler-24.03-LTS-SP1(6.6.0):受影响
7.master(6.6.0):不受影响
8.openEuler-24.03-LTS-Next(6.6.0):不受影响

修复是否涉及abi变化(是/否):
1.openEuler-20.03-LTS-SP4(4.19.90):否
2.openEuler-22.03-LTS-SP1(5.10.0):否
3.openEuler-22.03-LTS-SP3(5.10.0):否
4.master(6.6.0):否
5.openEuler-24.03-LTS(6.6.0):否
6.openEuler-24.03-LTS-Next(6.6.0):否
7.openEuler-22.03-LTS-SP4(5.10.0):否
8.openEuler-24.03-LTS-SP1(6.6.0):否

原因说明:
1.openEuler-22.03-LTS-SP1(5.10.0):正常修复
2.openEuler-22.03-LTS-SP3(5.10.0):正常修复
3.openEuler-22.03-LTS-SP4(5.10.0):正常修复
4.openEuler-24.03-LTS(6.6.0):正常修复
5.openEuler-24.03-LTS-SP1(6.6.0):正常修复
6.openEuler-20.03-LTS-SP4(4.19.90):暂不修复-暂无解决方案或补丁
7.master(6.6.0):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-Next(6.6.0):不受影响-漏洞代码不能被攻击者触发

三、漏洞修复
安全公告链接:https://www.openeuler.org/zh/security/safety-bulletin/detail/?id=openEuler-SA-2025-1079

评论 (12)

登录 后才可以发表评论

状态
负责人
项目
里程碑
分支
预计工期 (小时)
开始日期   -   截止日期
-
置顶选项
优先级
关联仓库
关联里程碑
关联分支
参与者(1)
5329419 openeuler ci bot 1632792936
1
https://gitee.com/src-openeuler/kernel.git
git@gitee.com:src-openeuler/kernel.git
src-openeuler
kernel
kernel

搜索帮助