PT-2025-6031 · Linux+5 · Linux Kernel+5
Tomas Krcka · Published 2025-01-15 · Updated 2025-10-03 · CVE-2024-57949
CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to errors in synchronization, which can be exploited to cause a denial of service. The problem arises from a call-chain that leads to enabling interrupts in a nested interrupt-disabled section. This occurs in the irqchip/gic-v3-its component, specifically in the its_irq_set_vcpu_affinity() function. The call-chain involves irq_set_vcpu_affinity(), irq_get_desc_lock(), raw_spin_lock_irqsave(), its_irq_set_vcpu_affinity(), guard(raw_spinlock_irq), and irq_put_desc_unlock(). The issue was introduced in commit b97e8a2f7130, which replaced the original raw_spin_[un]lock() pair with guard(raw_spinlock_irq).
Recommendations
To fix the issue, use guard(raw_spinlock) instead of guard(raw_spinlock_irq) in the its_irq_set_vcpu_affinity() function.
As a temporary workaround, consider disabling the irq_set_vcpu_affinity() function until a patch is available.
Restrict access to the irqchip/gic-v3-its component to minimize the risk of exploitation.
Avoid using the its_irq_set_vcpu_affinity() function in the affected API endpoint until the issue is resolved.
Exploit
Fix
LPE
Improper Locking
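The call-chain from the description, as a userspace C model of the interrupt-enable flag. This is an added example, not kernel code or the upstream patch; the boolean flag and every model_* name are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: one boolean stands in for the CPU's interrupt-enable flag. */
static bool irqs_enabled = true;

/* Models raw_spin_lock_irqsave(): save the current state, then disable. */
static bool model_lock_irqsave(void)
{
    bool flags = irqs_enabled;
    irqs_enabled = false;
    return flags;
}

/* Models the matching irqrestore: put back exactly what was saved. */
static void model_unlock_irqrestore(bool flags) { irqs_enabled = flags; }

/* Models guard(raw_spinlock_irq): disable on entry, enable unconditionally on exit. */
static void model_guard_irq_enter(void) { irqs_enabled = false; }
static void model_guard_irq_exit(void)  { irqs_enabled = true; }

/* Models its_irq_set_vcpu_affinity(); guard(raw_spinlock) never touches the flag. */
static void model_inner(bool use_irq_guard)
{
    if (use_irq_guard) {
        model_guard_irq_enter();
        model_guard_irq_exit();
    }
}

/* Returns true if interrupts are on while the outer irqsave section is still held. */
bool irqs_on_inside_outer_section(bool use_irq_guard)
{
    irqs_enabled = true;
    bool flags = model_lock_irqsave();   /* irq_get_desc_lock() */
    model_inner(use_irq_guard);          /* its_irq_set_vcpu_affinity() */
    bool leaked = irqs_enabled;          /* state just before irq_put_desc_unlock() */
    model_unlock_irqrestore(flags);
    return leaked;
}

int main(void)
{
    printf("guard(raw_spinlock_irq): irqs on in outer section = %d\n", irqs_on_inside_outer_section(true));
    printf("guard(raw_spinlock):     irqs on in outer section = %d\n", irqs_on_inside_outer_section(false));
    return 0;
}
```

With the irq variant of the guard, the flag is back on before the outer lock is released, which is the state the fix removes by using guard(raw_spinlock).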
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu