CVE-2024-57994

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d

Description A vulnerability has been resolved in the Linux kernel. The issue was caused by hard interrupts being blocked in the ptr ring resize multiple() function. To increase test coverage, a lockdep assert no hardirq() check was added in page pool put page(). The problem was discovered by syzbot, which found a splat caused by hard irq blocking in ptr ring resize multiple(). The current users of ptr ring resize multiple() do not require hard irqs being masked, so the function was replaced to only block BH. The helpers were renamed to better reflect that they are safe against BH only.

Recommendations For Linux kernel versions prior to 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the ptr ring resize multiple() function until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the affected API endpoints until the issue is resolved.