PT-2024-33818 · Linux+3 · Linux Kernel+3

Wei Li · Published 2024-09-24 · Updated 2025-04-01 · CVE-2024-49976

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58
Description: A vulnerability in the tracing/timerlat component of the Linux kernel has been resolved. The issue is a deadlock introduced by the use of interface_lock in stop_kthread(), which is the offline callback for "trace/osnoise:online". The deadlock can occur through the interaction of multiple threads (T1, T2, and T3) and the locks they take. The fix uses xchg() instead of interface_lock to protect the "kthread" field of osn_var, and uses for_each_online_cpu() in stop_per_cpu_kthreads() to avoid taking cpus_read_lock() again.
Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the tracing/timerlat component until a patch is available. Restrict access to the vulnerable stop_kthread() function to minimize the risk of exploitation. Avoid using interface_lock in the stop_kthread() function until the issue is resolved.

Exploit

Fix

Improper Locking


Weakness Enumeration

Related Identifiers

BDU:2025-16199
CVE-2024-49976
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2325
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2024_4314-1
OPENSUSE-SU-2024_4316-1
OPENSUSE-SU-2025:14705-1
SUSE-SU-2024:4314-1
SUSE-SU-2024:4316-1
SUSE-SU-2024:4318-1
SUSE-SU-2024:4387-1
SUSE-SU-2025:20163-1
SUSE-SU-2025:20164-1
SUSE-SU-2025:20246-1
SUSE-SU-2025:20247-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1

Affected Products

Linuxmint
Linux Kernel
Suse
Ubuntu