PT-2024-7897 · Linux+9 · Linux Kernel+9

Published: 2024-02-06 · Updated: 2025-09-29 · CVE-2024-26976

CVSS v3.1: 7.0 (High)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119

Description: The vulnerability is in the KVM (Kernel-based Virtual Machine) component of the Linux kernel. It is caused by a deadlock that can occur when the async_pf_execute() function is called from kvm_put_kvm() while the async #PF workqueue is being flushed. This can happen when a vCPU is being destroyed and the workqueue callbacks are not properly synchronized. The result is a denial-of-service (DoS) condition in which the system becomes unresponsive.

To exploit this vulnerability, an attacker would need the ability to create and manage virtual machines on the affected system. The vulnerability can be triggered by creating a scenario in which async_pf_execute() is called concurrently with the flushing of the async #PF workqueue.

The kvm_clear_async_pf_completion_queue() function is responsible for flushing the workqueue and should ensure that all invocations of async_pf_execute() have completed before the vCPU and its VM are destroyed. The current implementation, however, does not properly synchronize the workqueue callbacks, which leads to the deadlock.

The vulnerability can be mitigated by ensuring that kvm_clear_async_pf_completion_queue() properly flushes the workqueue and that async_pf_execute() is not called concurrently with the flushing of the workqueue.

Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, ensure that kvm_clear_async_pf_completion_queue() properly flushes the workqueue and that async_pf_execute() is not called concurrently with the flushing of the workqueue.

As a temporary workaround, consider disabling the async_pf_execute() path until a patch is available. This may have performance implications and should be carefully evaluated before implementation.

Note that the kvm_check_async_pf_completion() function may also need to be modified to properly flush the workqueue, since it can also take the work item off the completion queue.

It is also recommended to monitor the system for signs of the deadlock, such as the "task kworker/8:1:251 blocked for more than 120 seconds" message, and to take corrective action if it occurs.

In general, keep the Linux kernel up to date with the latest security patches to prevent exploitation of known vulnerabilities.
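As an added detection example (not part of this advisory or of any kernel code), the Python below parses a constructed kernel-log excerpt in the hung-task format quoted above and flags a stuck kworker whose call trace contains the functions named in the description; the log text, timestamps, symbol offsets and module tags are assumed sample values, not captured from a real system.

```python
import re

# Constructed excerpt of a kernel log (not from the advisory or any real system) showing
# the hung-task detector firing on a kworker stuck in the flush described above, followed
# by an unrelated hung task so the classifier has a negative case.
SAMPLE_DMESG = """\
[ 1234.567890] INFO: task kworker/8:1:251 blocked for more than 120 seconds.
[ 1234.568200] task:kworker/8:1     state:D stack:0     pid:251   ppid:2      flags:0x00004000
[ 1234.568300] Workqueue: events async_pf_execute [kvm]
[ 1234.568400] Call Trace:
[ 1234.568500]  __flush_work+0x1ab/0x2f0
[ 1234.568600]  kvm_clear_async_pf_completion_queue+0x4f/0xb0 [kvm]
[ 1234.568650]  kvm_destroy_vm+0x1c3/0x3a0 [kvm]
[ 1234.568700]  kvm_put_kvm+0x2b/0x70 [kvm]
[ 1234.568800]  async_pf_execute+0xe2/0x120 [kvm]
[ 1234.568900]  process_one_work+0x1e5/0x3e0
[ 1240.000000] INFO: task cat:4321 blocked for more than 120 seconds.
[ 1240.000100]  io_schedule+0x42/0x70
"""

HUNG_RE = re.compile(r"INFO: task (?P<name>\S+?):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
# A trace frame after the "[ ts]" prefix looks like "symbol+0x1ab/0x2f0 [module]".
FRAME_RE = re.compile(r"^\[\s*[\d.]+\]\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
# All three frames in one stuck kworker's trace is the signature of the async #PF flush deadlock.
KVM_ASYNC_PF_FRAMES = ("async_pf_execute", "kvm_put_kvm", "kvm_clear_async_pf_completion_queue")


def parse_hung_tasks(log_text):
    """Split a log into hung-task events: task name, pid, stuck seconds and call-trace symbols."""
    events, current = [], None
    for line in log_text.splitlines():
        m = HUNG_RE.search(line)
        if m:
            current = {"task": m.group("name"), "pid": int(m.group("pid")),
                       "secs": int(m.group("secs")), "frames": []}
            events.append(current)
        elif current is not None:
            fm = FRAME_RE.match(line)
            if fm:
                current["frames"].append(fm.group(1))
    return events


def is_kvm_async_pf_deadlock(event):
    """True when the trace holds every frame the advisory names; a plain I/O stall does not."""
    return all(f in event["frames"] for f in KVM_ASYNC_PF_FRAMES)


def flag_events(log_text):
    """(task, pid, matches_advisory_signature) for each hung-task report in the log."""
    return [(e["task"], e["pid"], is_kvm_async_pf_deadlock(e)) for e in parse_hung_tasks(log_text)]
```

On a live host the same functions can be fed the output of `dmesg` or `journalctl -k`; a hit is a reason to capture the full trace and schedule the kernel update rather than simply rebooting.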

Weakness Enumeration

Resource Exhaustion
Improper Locking

Related Identifiers

ALSA-2024:8856
ALSA-2024:8870
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2024-09401
CESA-2024_8856
CESA-2024_8870
CVE-2024-26976
DLA-3840-1
DLA-3842-1
DSA-5681-1
INFSA-2024_8856
INFSA-2024_8870
INFSA-2024_9315
OESA-2024-1677
OESA-2024-1678
OESA-2024-1679
OESA-2024-1680
OESA-2024-1681
OESA-2024-1682
OPENSUSE-SU-2024_2947-1
RHSA-2024:8856
RHSA-2024:8870
RHSA-2024:9315
RHSA-2024_8856
RHSA-2024_8870
RHSA-2024_9315
RHSA-2025:3510
RLSA-2024:8856
RLSA-2024:8870
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2025:0236-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
SUSE-SU-2025_0236-1
USN-6816-1
USN-6817-1
USN-6817-2
USN-6817-3
USN-6878-1
USN-6896-1
USN-6896-2
USN-6896-3
USN-6896-4
USN-6896-5
USN-6898-1
USN-6898-2
USN-6898-3
USN-6898-4
USN-6917-1
USN-6919-1
USN-6927-1
USN-7019-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu