CVE-2024-58090

Advisory lineage Upstream: 0 Downstream: 65
Modified
Published: 27 Mar 2025, 14:57
Last modified:11 May 2026, 21:03

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.02% LOW
0% probability -0.07%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

27 Mar 2025, 14:57
Published
Vulnerability first disclosed
11 May 2026, 21:03
Last Modified
Vulnerability information updated

Description

In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90 hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90 That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end. Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time. The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account. Cure the problem by adding a corresponding check into cond_resched().

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 6%

Affected Systems

  • linuxlinux

    ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 321794b75ac968f0bb6b9c913581949452a8d992 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 1651f5731b378616565534eb9cda30e258cebebc | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 288fdb8dcb71ec77b76ab8b8a06bc10f595ea504 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 84586322e010164eedddfcd0a0894206ae7d9317 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 68786ab0935ccd5721283b7eb7f4d2f2942c7a52 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 0362847c520747b44b574d363705d8af0621727a | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < b927c8539f692fb1f9c2f42e6c8ea2d94956f921 | ≥ 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, < 82c387ef7568c0d96a918a5a78d9cad6256cfa15 | 2.6.12

  • linuxlinux_kernel

    < 5.4.291 | ≥ 5.5, < 5.10.235 | ≥ 5.11, < 5.15.179 | ≥ 5.16, < 6.1.130 | ≥ 6.2, < 6.6.81 | ≥ 6.7, < 6.12.18 | ≥ 6.13, < 6.13.6 | 6.14:rc1 | 6.14:rc2 | 6.14:rc3 | 6.14:rc4

References (10)