CVE-2024-50032

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue is related to the Linux kernel's rcu/nocb functionality, where a CPU set offline can still enqueue callbacks from a softirq, leading to a deferred rcuog wake-up through an IPI to an online CPU. However, performing a synchronized IPI from a softirq is buggy. The problem occurs when a CPU is set offline and before it calls rcutree report cpu dead(), and there are opportunities for callbacks to be enqueued. To fix this, the deferred rcuog wake-up is forced through the NOCB timer when the CPU is offline, and the actual wake-up happens from rcutree report cpu dead().

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the smp call function single function until a patch is available. Restrict access to the rcutree report cpu dead function to minimize the risk of exploitation. Avoid using the rcuog wake-up mechanism in the affected kernel versions until the issue is resolved.