CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-57949: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()

Description

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()

The following call-chain leads to enabling interrupts in a nested interrupt
disabled section:

irq_set_vcpu_affinity()
irq_get_desc_lock()
raw_spin_lock_irqsave() <--- Disable interrupts
its_irq_set_vcpu_affinity()
guard(raw_spinlock_irq) <--- Enables interrupts when leaving the guard()
irq_put_desc_unlock() <--- Warns because interrupts are enabled

This was broken in commit b97e8a2f7130, which replaced the original
raw_spin_[un]lock() pair with guard(raw_spinlock_irq).

Fix the issue by using guard(raw_spinlock).

[ tglx: Massaged change log ]

Classification

CVE ID: CVE-2024-57949

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 5.02% (scored less or equal to compared to others)

EPSS Date: 2025-03-10 (when was this score calculated)

References

https://git.kernel.org/stable/c/d7b0e89610dd45ac6cf0d6f99bfa9ccc787db344
https://git.kernel.org/stable/c/6c84ff2e788fce0099ee3e71a3ed258b1ca1a223
https://git.kernel.org/stable/c/93955a7788121ab5a0f7f27e988b2ed1135a4866
https://git.kernel.org/stable/c/35cb2c6ce7da545f3b5cb1e6473ad7c3a6f08310

Timeline

2025-02-10 00:30:15 UTC
CVE

irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity()