CVE-2024-44968

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50

Description The issue is related to the Linux kernel, where a recent fix for making the takeover of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers hoist the access into the non-preemptible region where the pointer is actually used, triggering a bug when using smp processor id() in preemptible code. The caller is hotplug cpu broadcast tick pull+0x1c/0xc0. The fix involves moving the per CPU pointer access into the atomic section.

Recommendations Update to Linux kernel version 6.6.50 or later to resolve the issue. As a temporary workaround, consider restricting access to the hotplug cpu broadcast tick pull function until a patch is available.