PT-2024-33711 · Linux+5 · Linux Kernel+5
Wei Li · Published 2024-09-24 · Updated 2025-04-28 · CVE-2024-49866
CVSS v3.1: 4.7 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A race condition during CPU hotplug (cpuhp) processing in the Linux kernel's tracing/timerlat component can lead to timer corruption. The issue occurs when the "timerlat/1" thread is scheduled on CPU0: the CPU may already have been removed from the CPU online mask during the offline process, so the right CPU cannot be selected. The root cause is that CPU online processing for osnoise is implemented asynchronously through workers.
Recommendations:
To resolve this issue, update to Linux kernel version 6.6.58 or later.
As a temporary workaround, consider disabling the timerlat functionality until a patch is available.
Restrict access to the tracing/timerlat component to minimize the risk of exploitation.
Avoid using the timerlat irq function in the affected kernel versions until the issue is resolved.
At the moment, there is no other information about additional mitigation measures.
Exploit
Fix
Race Condition
Affected Products
Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu
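
The following triage script is an added example, not part of the advisory or of any vendor tooling. It combines the version threshold from the advisory (6.6.58) with a check of whether the timerlat tracer is active on the host. The function names and verdict strings are hypothetical, and the tracefs mount point /sys/kernel/tracing is an assumption about the host.

```shell
#!/bin/sh
# Added triage example for CVE-2024-49866; not part of the advisory.
# Assumption: upstream version numbering. A distribution kernel may carry
# a backported fix under an older version string, so treat "affected" as
# "verify against the vendor advisory", not as proof.
FIXED_VERSION="6.6.58"   # fixed release named in the advisory

# base_version "6.6.52-1-generic" prints "6.6.52"
base_version() { printf '%s\n' "${1%%[!0-9.]*}"; }

# version_lt A B: succeeds when A is numerically older than B
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# timerlat_state DIR prints: active | available | absent | unreadable
timerlat_state() {
    dir=$1
    [ -r "$dir/current_tracer" ] || { echo unreadable; return 0; }
    if [ "$(cat "$dir/current_tracer")" = "timerlat" ]; then
        echo active
    elif grep -qw timerlat "$dir/available_tracers" 2>/dev/null; then
        echo available
    else
        echo absent
    fi
}

# assess RELEASE DIR prints a one-word verdict for the host
assess() {
    if version_lt "$(base_version "$1")" "$FIXED_VERSION"; then
        echo "affected-timerlat-$(timerlat_state "$2")"
    else
        echo "not-affected-by-version"
    fi
}

# Reading tracefs normally requires root.
assess "$(uname -r)" /sys/kernel/tracing
```

When the verdict is "affected-timerlat-active", writing "nop" to current_tracer as root switches the tracer off, which corresponds to the temporary workaround in the Recommendations. For the distributions listed under Affected Products, confirm the result against the vendor's own fixed package version.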