CVE-2024-36888

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: The vulnerability is related to the workqueue component in the Linux kernel. It causes a crash when calling arch vcpu is preempted() for an offline CPU. The issue arises due to the selection of wake cpu in kick pool(). To avoid this, the CPU should be selected with cpumask any and distribute() to mask pod cpumask with cpu online mask. In case no CPU is left in the pool, the assignment should be skipped. The crash is observed with cpu possible mask=0-63 and cpu online mask=0-7. The call trace includes functions such as select idle sibling(), select task rq fair(), try to wake up(), and kick pool(). The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.