CVE-2024-26765

Name of the Vulnerable Software and Affected Versions Linux kernel version 6.6.17+

Description The issue is related to the Linux kernel's handling of interrupts on non-boot CPUs during hotplug operations. To silence warnings and avoid potential errors due to unexpected interrupts, the kernel now disables IRQ before init fn() for non-boot CPUs. This change affects the kernel's rcu cpu starting function and is specific to the LoongArch architecture. The problem arises when the CPU is tainted, and the kernel reports a warning at kernel/rcu/tree.c:4503. The warning is due to the rcu cpu starting function, which is called during CPU initialization. The issue is resolved by disabling IRQ before init fn() for non-boot CPUs when hotplug is used.

Recommendations For Linux kernel version 6.6.17+, update to a newer version that includes the fix for this issue. If an update is not available, consider disabling the hotplug feature for non-boot CPUs to minimize the risk of exploitation. However, this is not a recommended long-term solution, as it may limit the functionality of the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.