CVE-2024-39508 Affecting kernel-source-azure package, versions <6.4.0-150600.8.11.1


Severity

Recommended
0.0
medium
0
10

Based on SUSE Linux Enterprise Server security rating.

Threat Intelligence

EPSS
0.05% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-SLES156-KERNELSOURCEAZURE-7927947
  • published11 Sept 2024
  • disclosed10 Sept 2024

Introduced: 10 Sep 2024

CVE-2024-39508  (opens in a new tab)

How to fix?

Upgrade SLES:15.6 kernel-source-azure to version 6.4.0-150600.8.11.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kernel-source-azure package and not the kernel-source-azure package as distributed by SLES. See How to fix? for SLES:15.6 relevant fixed versions and status.

In the Linux kernel, the following vulnerability has been resolved:

io_uring/io-wq: Use set_bit() and test_bit() at worker->flags

Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wq to address potential data races.

The structure io_worker->flags may be accessed through various data paths, leading to concurrency issues. When KCSAN is enabled, it reveals data races occurring in io_worker_handle_work and io_wq_activate_free_worker functions.

 BUG: KCSAN: data-race in io_worker_handle_work / io_wq_activate_free_worker
 write to 0xffff8885c4246404 of 4 bytes by task 49071 on cpu 28:
 io_worker_handle_work (io_uring/io-wq.c:434 io_uring/io-wq.c:569)
 io_wq_worker (io_uring/io-wq.c:?)

<snip>

 read to 0xffff8885c4246404 of 4 bytes by task 49024 on cpu 5:
 io_wq_activate_free_worker (io_uring/io-wq.c:? io_uring/io-wq.c:285)
 io_wq_enqueue (io_uring/io-wq.c:947)
 io_queue_iowq (io_uring/io_uring.c:524)
 io_req_task_submit (io_uring/io_uring.c:1511)
 io_handle_tw_list (io_uring/io_uring.c:1198)

<snip>

Line numbers against commit 18daea77cca6 ("Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm").

These races involve writes and reads to the same memory location by different tasks running on different CPUs. To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. This ensures thread-safe manipulation of worker flags.

Also, move create_index to avoid holes in the structure.

CVSS Scores

version 3.1