CVE-2024-38613— m68k: Fix spinlock race in kernel thread creation
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-38613
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
m68k: Fix spinlock race in kernel thread creation
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on interrupts remaining disabled for the entire duration of the switch. This condition is guaranteed for normal process creation and context switching between already running processes, because both 'prev' and 'next' already have interrupts disabled in their saved copies of the status register. The situation is different for newly created kernel threads. The status register is set to PS_S in copy_thread(), which does leave the IPL at 0. Upon restoring the 'next' thread's status register in switch_to() aka resume(), interrupts then become enabled prematurely. resume() then returns via ret_from_kernel_thread() and schedule_tail() where run queue lock is released (see finish_task_switch() and finish_lock_switch()). A timer interrupt calling scheduler_tick() before the lock is released in finish_task_switch() will find the lock already taken, with the current task as lock owner. This causes a spinlock recursion warning as reported by Guenter Roeck. As far as I can ascertain, this race has been opened in commit 533e6903bea0 ("m68k: split ret_from_fork(), simplify kernel_thread()") but I haven't done a detailed study of kernel history so it may well predate that commit. Interrupts cannot be disabled in the saved status register copy for kernel threads (init will complain about interrupts disabled when finally starting user space). Disable interrupts temporarily when switching the tasks' register sets in resume(). Note that a simple oriw 0x700,%sr after restoring sr is not enough here - this leaves enough of a race for the 'spinlock recursion' warning to still be observed. Tested on ARAnyM and qemu (Quadra 800 emulation).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于m68k 中存在安全问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-38613
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-38613
请登录查看更多情报信息。
Same Patch Batch · Linux · 2024-06-19 · 122 CVEs total
| CVE-2024-38612 | ipv6: sr: fix invalid unregister error path | |
| CVE-2021-47585 | btrfs: fix memory leak in __add_inode_ref() | |
| CVE-2021-47584 | iocost: Fix divide-by-zero on donation from low hweight cgroup | |
| CVE-2021-47582 | USB: core: Make do_proc_control() and do_proc_bulk() killable | |
| CVE-2021-47583 | media: mxl111sf: change mutex_init() location | |
| CVE-2021-47579 | ovl: fix warning in ovl_create_real() | |
| CVE-2021-47580 | scsi: scsi_debug: Fix type in min_t to avoid stack OOB | |
| CVE-2021-47578 | scsi: scsi_debug: Don't call kcalloc() if size arg is zero | |
| CVE-2021-47576 | scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() | |
| CVE-2021-47577 | io-wq: check for wq exit after adding new worker task_work | |
| CVE-2024-38617 | kunit/fortify: Fix mismatched kvalloc()/vfree() usage | |
| CVE-2024-38618 | ALSA: timer: Set lower bound of start tick time | |
| CVE-2024-38616 | wifi: carl9170: re-fix fortified-memset warning | |
| CVE-2024-38615 | cpufreq: exit() callback is optional | |
| CVE-2024-38614 | openrisc: traps: Don't send signals to kernel mode threads | |
| CVE-2024-38611 | media: i2c: et8ek8: Don't strip remove function when driver is builtin | |
| CVE-2024-38603 | drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() | |
| CVE-2024-38601 | ring-buffer: Fix a race between readers and resize checks | |
| CVE-2024-38600 | ALSA: Fix deadlocks with kctl removals at disconnection | |
| CVE-2024-38602 | ax25: Fix reference count leak issues of ax25_dev |
Showing top 20 of 122 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
Same vendor: Linux
- CVE-2026-43500
rxrpc: Also unshare DATA/RESPONSE packets when paged frags a - CVE-2026-43475
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT - CVE-2026-43474
fs: init flags_valid before calling vfs_fileattr_get - CVE-2026-43473
scsi: mpi3mr: Add NULL checks when resetting request and rep - CVE-2026-43472
unshare: fix unshare_fs() handling
V. Comments for CVE-2024-38613
No comments yet