CVE-2024-58090

MEDIUM EPSS 10.3%
Published Mar 27, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouter_resume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:103 syscore_resume+0x18a/0x220 kernel_kexec+0xf6/0x180 __do_sys_reboot+0x206/0x250 do_syscall_64+0x95/0x180 The corresponding interrupt flag trace: hardirqs last enabled at (15573): [<ffffffffa8281b8e>] __up_console_sem+0x7e/0x90 hardirqs last disabled at (15580): [<ffffffffa8281b73>] __up_console_sem+0x63/0x90 That means __up_console_sem() was invoked with interrupts enabled. Further instrumentation revealed that in the interrupt disabled section of kexec jump one of the syscore_suspend() callbacks woke up a task, which set the NEED_RESCHED flag. A later callback in the resume path invoked cond_resched() which in turn led to the invocation of the scheduler: __cond_resched+0x21/0x60 down_timeout+0x18/0x60 acpi_os_wait_semaphore+0x4c/0x80 acpi_ut_acquire_mutex+0x3d/0x100 acpi_ns_get_node+0x27/0x60 acpi_ns_evaluate+0x1cb/0x2d0 acpi_rs_set_srs_method_data+0x156/0x190 acpi_pci_link_set+0x11c/0x290 irqrouter_resume+0x54/0x60 syscore_resume+0x6a/0x200 kernel_kexec+0x145/0x1c0 __do_sys_reboot+0xeb/0x240 do_syscall_64+0x95/0x180 This is a long standing problem, which probably got more visible with the recent printk changes. Something does a task wakeup and the scheduler sets the NEED_RESCHED flag. cond_resched() sees it set and invokes schedule() from a completely bogus context. The scheduler enables interrupts after context switching, which causes the above warning at the end. Quite some of the code paths in syscore_suspend()/resume() can result in triggering a wakeup with the exactly same consequences. They might not have done so yet, but as they share a lot of code with normal operations it's just a question of time. The problem only affects the PREEMPT_NONE and PREEMPT_VOLUNTARY scheduling models. Full preemption is not affected as cond_resched() is disabled and the preemption check preemptible() takes the interrupt disabled flag into account. Cure the problem by adding a corresponding check into cond_resched().

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
10.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 11

VendorProductVersionRange
linuxlinux_kernel* <5.4.291
linuxlinux_kernel*≥5.5  –  <5.10.235
linuxlinux_kernel*≥5.11  –  <5.15.179
linuxlinux_kernel*≥5.16  –  <6.1.130
linuxlinux_kernel*≥6.2  –  <6.6.81
linuxlinux_kernel*≥6.7  –  <6.12.18
linuxlinux_kernel*≥6.13  –  <6.13.6
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any
linuxlinux_kernel6.14any

References 10

  • git.kernel.org https://git.kernel.org/stable/c/0362847c520747b44b574d363705d8af0621727a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1651f5731b378616565534eb9cda30e258cebebc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/288fdb8dcb71ec77b76ab8b8a06bc10f595ea504
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/321794b75ac968f0bb6b9c913581949452a8d992
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/68786ab0935ccd5721283b7eb7f4d2f2942c7a52
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82c387ef7568c0d96a918a5a78d9cad6256cfa15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84586322e010164eedddfcd0a0894206ae7d9317
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b927c8539f692fb1f9c2f42e6c8ea2d94956f921
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0362847c520747b44b574d363705d8af0621727a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/1651f5731b378616565534eb9cda30e258cebebc
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/288fdb8dcb71ec77b76ab8b8a06bc10f595ea504
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/321794b75ac968f0bb6b9c913581949452a8d992
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/68786ab0935ccd5721283b7eb7f4d2f2942c7a52
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/82c387ef7568c0d96a918a5a78d9cad6256cfa15
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/84586322e010164eedddfcd0a0894206ae7d9317
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b927c8539f692fb1f9c2f42e6c8ea2d94956f921
    Patch