In the field of computer security, a new vulnerability in the Linux kernel, assigned the identifier CVE-2024-57939, has been identified and resolved. This vulnerability pertains to the RISC-V architecture: the die() function could call a sleeping function from an invalid context.

RISC-V is an open-source hardware instruction set architecture that the Linux kernel can run on. The vulnerability stems from a conflict between the spinlock_t lock type and the contexts in which die() runs. The die() function can be called from an exception handler, where sleeping is not allowed. However, when PREEMPT_RT is enabled, spinlock_t can sleep, so taking it in die() causes an invalid context issue along with kernel warnings and errors.

This conflict led to the following warning:

BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex
preempt_count: 110001, expected: 0
RCU nest depth: 0, expected: 0
CPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234
Hardware name: riscv-virtio,qemu (DT)
Call Trace:
    dump_backtrace+0x1c/0x24
    show_stack+0x2c/0x38
    dump_stack_lvl+0x5a/0x72
    dump_stack+0x14/0x1c
    __might_resched+0x130/0x13a
    rt_spin_lock+0x2a/0x5c
    die+0x24/0x112
    do_trap_insn_illegal+0xa0/0xea
    _new_vmalloc_restore_context_a0+0xcc/0xd8
Oops - illegal instruction [#1]

To address this issue, the Linux kernel developers switched to using raw_spinlock_t instead of spinlock_t. A raw_spinlock_t does not sleep even when PREEMPT_RT is enabled, which resolves the invalid context issue and closes this vulnerability.
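
A log triage check for this warning, as an added example that is not part of the original write-up or of the kernel fix: it parses "sleeping function called from invalid context" reports and keeps only those where rt_spin_lock was entered directly from die(). The function names and the second sample report are constructed for illustration.

```python
import re

# Constructed sample: the report quoted above (abridged) plus one made-up, unrelated report.
SAMPLE_LOG = """\
BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex
Call Trace:
    __might_resched+0x130/0x13a
    rt_spin_lock+0x2a/0x5c
    die+0x24/0x112
    do_trap_insn_illegal+0xa0/0xea
Oops - illegal instruction [#1]
[   42.000000] BUG: sleeping function called from invalid context at example/constructed.c:1
[   42.000001] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 7, name: demo
[   42.000002] Call Trace:
[   42.000003]  example_sleeping_lock+0x10/0x40
[   42.000004]  example_handler+0x8/0x20
"""

HEADER = re.compile(r"BUG: sleeping function called from invalid context at (\S+)")
STATE = re.compile(r"in_atomic\(\): (\d+), irqs_disabled\(\): (\d+),.*pid: (\d+), name: (\S+)")
FRAME = re.compile(r"^\s*(?:\[[^\]]*\]\s*)*(?:\?\s*)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_splats(log_text):
    """Return one dict per report; frames are 'symbol+0xoff/0xsize' lines, prefixes allowed."""
    splats, cur = [], None
    for line in log_text.splitlines():
        if (m := HEADER.search(line)):
            splats.append(cur := {"where": m.group(1), "frames": []})
        elif cur is None:
            continue
        elif (m := STATE.search(line)):
            cur.update(in_atomic=int(m[1]), irqs_disabled=int(m[2]), pid=int(m[3]), comm=m[4])
        elif (m := FRAME.match(line)):
            cur["frames"].append(m.group(1))
        elif cur["frames"]:
            cur = None  # first non-frame line after the trace ends this report
    return splats

def is_die_rt_lock(splat):
    """True when rt_spin_lock() was entered directly from die(), the pattern described above."""
    frames = splat["frames"]
    return any(a == "rt_spin_lock" and b == "die" for a, b in zip(frames, frames[1:]))

def triage(log_text):
    return [s for s in parse_splats(log_text) if is_die_rt_lock(s)]

if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f"{s['where']} pid={s['pid']} comm={s['comm']} irqs_disabled={s['irqs_disabled']}")
```

A match in saved kernel logs indicates the host was running a PREEMPT_RT kernel that still takes spinlock_t in die().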

The original references for this fix are available on the Linux Kernel Mailing List (LKML) and the Linux Git Repository.

As a result of the fix, users of the RISC-V architecture should update their Linux kernel to the fixed version to ensure they are not affected by this vulnerability. This action will secure their systems against potential attacks or errors caused by the sleeping issue in the die() function.

In summary, CVE-2024-57939 is a vulnerability in the Linux kernel for the RISC-V architecture relating to an invalid context issue in the die() function. With the use of raw_spinlock_t replacing the problematic spinlock_t construct, Linux kernel developers were able to resolve the issue and patch the vulnerability. Users of RISC-V should update their systems to protect against any potential exploitation or errors caused by this vulnerability.

Timeline

Published on: 01/21/2025 13:15:07 UTC
Last modified on: 02/28/2025 18:58:55 UTC