PT-2024-33972 · Linux+5 · Linux Kernel+5
Published: 2024-10-09 · Updated: 2025-10-03
CVE-2024-50140
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.61
Description:
The issue arises when KASAN and PREEMPT_RT are enabled and task_work_add() is called in task_tick_mm_cid(), which can cause a sleeping function to be called from an invalid context. The call trace starts at sched_tick() and leads to rt_spin_lock() while the rq lock, a raw_spinlock_t, is held; sleeping is not allowed there, so alloc_pages() must not be called in stack_depot_save_flags(). The task_tick_mm_cid() function with its task_work_add() call was introduced in the v6.4 kernel. A new TWAF_NO_ALLOC flag is added so that kasan_record_aux_stack_noalloc() is called instead of kasan_record_aux_stack(), which prevents page allocation.
Recommendations:
For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the task_work_add() function in task_tick_mm_cid() until a patch is available. Restrict access to the sched_tick() function to minimize the risk of exploitation. Avoid using the task_tick_mm_cid() function in critical paths until the issue is resolved.
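An added example, not part of the original advisory: a shell check that classifies a kernel release and its .config against the conditions stated in the description (code introduced in v6.4, fix in 6.6.61, KASAN together with PREEMPT_RT). The function names, the result strings, the "check-vendor" answer for series newer than 6.6, and the sample config are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisory). Version bounds are the page's;
# function names and result strings are assumptions of this example.

# has_opt FILE OPTION: true when OPTION=y appears in a kernel .config file
has_opt() { grep -q "^$2=y\$" "$1"; }

# classify_kernel RELEASE CONFIG_FILE
# prints: not-present | fixed | exposed | config-not-affected | check-vendor
classify_kernel() {
    ver=${1%%-*}                          # 6.6.30-rt30 -> 6.6.30
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # "6.6" has no patch level
    minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    : "${minor:=0}" "${patch:=0}"

    # task_tick_mm_cid() and its task_work_add() call arrived in v6.4
    if [ "$major" -lt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -lt 4 ]; }; then
        echo not-present; return 0
    fi
    # The page gives a fixed version for the 6.6 series only; anything
    # newer is left to the distribution's own advisory.
    if [ "$major" -gt 6 ] || [ "$minor" -gt 6 ]; then
        echo check-vendor; return 0
    fi
    if [ "$minor" -eq 6 ] && [ "$patch" -ge 61 ]; then
        echo fixed; return 0
    fi
    # The sleeping-in-atomic path needs both KASAN and PREEMPT_RT
    if has_opt "$2" CONFIG_KASAN && has_opt "$2" CONFIG_PREEMPT_RT; then
        echo exposed
    else
        echo config-not-affected
    fi
}

# Constructed sample config; on a real host the running kernel's config
# is commonly found at /boot/config-$(uname -r).
demo_cfg=$(mktemp)
printf '%s\n' 'CONFIG_KASAN=y' 'CONFIG_PREEMPT_RT=y' > "$demo_cfg"
for rel in 6.3.13 6.6.30-rt30 6.6.61 6.8.0-45-generic; do
    printf '%s: %s\n' "$rel" "$(classify_kernel "$rel" "$demo_cfg")"
done
rm -f "$demo_cfg"
```

Distribution kernels often backport fixes without changing the upstream version number, so an "exposed" result is a prompt to check the vendor changelog rather than a final verdict.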
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Suse
Ubuntu