csaf_microsoft - msrc_cve-2024-27005

MSRC_CVE-2024-27005

Vulnerability from csaf_microsoft - Published: 2024-05-02 07:00 - Updated: 2024-11-06 00:00

Summary

interconnect: Don't access req_list while it's being manipulated

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-27005 interconnect: Don\u0027t access req_list while it\u0027s being manipulated - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-27005.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "interconnect: Don\u0027t access req_list while it\u0027s being manipulated",
    "tracking": {
      "current_release_date": "2024-11-06T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T01:36:29.164Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-27005",
      "initial_release_date": "2024-05-02T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-09-11T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-11-06T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added hyperv-daemons to Azure Linux 3.0"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.35.1-1",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.35.1-1",
                  "product_id": "16989"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 hyperv-daemons 6.6.22.1-2",
                "product": {
                  "name": "\u003cazl3 hyperv-daemons 6.6.22.1-2",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 hyperv-daemons 6.6.22.1-2",
                "product": {
                  "name": "azl3 hyperv-daemons 6.6.22.1-2",
                  "product_id": "17785"
                }
              }
            ],
            "category": "product_name",
            "name": "hyperv-daemons"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "cbl2 kernel 5.15.186.1-1",
                "product": {
                  "name": "cbl2 kernel 5.15.186.1-1",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.35.1-1 as a component of Azure Linux 3.0",
          "product_id": "16989-17084"
        },
        "product_reference": "16989",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 hyperv-daemons 6.6.22.1-2 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 hyperv-daemons 6.6.22.1-2 as a component of Azure Linux 3.0",
          "product_id": "17785-17084"
        },
        "product_reference": "17785",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 kernel 5.15.186.1-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-27005",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16989-17084",
          "17785-17084"
        ],
        "known_affected": [
          "17084-3",
          "17084-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-27005 interconnect: Don\u0027t access req_list while it\u0027s being manipulated - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-27005.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-11T00:00:00.000Z",
          "details": "6.6.35.1-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-3",
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 6.3,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-3",
            "17084-1",
            "17086-2"
          ]
        }
      ],
      "title": "interconnect: Don\u0027t access req_list while it\u0027s being manipulated"
    }
  ]
}

CVE-2024-27005 (GCVE-0-2024-27005)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-11-04 17:16

Summary

In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to icc_node::req_list. The icc_set_bw() function will eventually iterate over req_list while only holding icc_bw_lock, but req_list can be modified while only holding icc_lock. This causes races between icc_set_bw(), of_icc_get(), and icc_put(). Example A: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); icc_put(path_b) mutex_lock(&icc_lock); aggregate_requests() hlist_for_each_entry(r, ... hlist_del(... <r = invalid pointer> Example B: CPU0 CPU1 ---- ---- icc_set_bw(path_a) mutex_lock(&icc_bw_lock); path_b = of_icc_get() of_icc_get_by_index() mutex_lock(&icc_lock); path_find() path_init() aggregate_requests() hlist_for_each_entry(r, ... hlist_add_head(... <r = invalid pointer> Fix this by ensuring icc_bw_lock is always held before manipulating icc_node::req_list. The additional places icc_bw_lock is held don't perform any memory allocations, so we should still be safe from the original lockdep splats that motivated the separate locks. [1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d0d04efa2e3679216…
	https://git.kernel.org/stable/c/4c65507121ea8e0b4…
	https://git.kernel.org/stable/c/de1bf25b6d771abdb…

Impacted products

Vendor

Product

Version

Linux

Affected: af42269c3523492d71ebbe11fefae2653e9cdc78 , < d0d04efa2e367921654b5106cc5c05e3757c2b42 (git)
Affected: af42269c3523492d71ebbe11fefae2653e9cdc78 , < 4c65507121ea8e0b47fae6d2049c8688390d46b6 (git)
Affected: af42269c3523492d71ebbe11fefae2653e9cdc78 , < de1bf25b6d771abdb52d43546cf57ad775fb68a1 (git)
Affected: 2f3a124696d43de3c837f87a9f767c56ee86cf2a (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-27005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:46:13.449387Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:17:57.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:33.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/interconnect/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d0d04efa2e367921654b5106cc5c05e3757c2b42",
              "status": "affected",
              "version": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "versionType": "git"
            },
            {
              "lessThan": "4c65507121ea8e0b47fae6d2049c8688390d46b6",
              "status": "affected",
              "version": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "versionType": "git"
            },
            {
              "lessThan": "de1bf25b6d771abdb52d43546cf57ad775fb68a1",
              "status": "affected",
              "version": "af42269c3523492d71ebbe11fefae2653e9cdc78",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2f3a124696d43de3c837f87a9f767c56ee86cf2a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/interconnect/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don\u0027t access req_list while it\u0027s being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn\u0027t adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(\u0026icc_bw_lock);\n                                     icc_put(path_b)\n                                       mutex_lock(\u0026icc_lock);\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                       hlist_del(...\n        \u003cr = invalid pointer\u003e\n\nExample B:\n\n  CPU0                               CPU1\n  ----                               ----\n  icc_set_bw(path_a)\n    mutex_lock(\u0026icc_bw_lock);\n                                     path_b = of_icc_get()\n                                       of_icc_get_by_index()\n                                         mutex_lock(\u0026icc_lock);\n                                         path_find()\n                                           path_init()\n    aggregate_requests()\n      hlist_for_each_entry(r, ...\n                                             hlist_add_head(...\n        \u003cr = invalid pointer\u003e\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don\u0027t\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 (\"interconnect: Fix locking for runpm vs reclaim\")"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:20.556Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d0d04efa2e367921654b5106cc5c05e3757c2b42"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c65507121ea8e0b47fae6d2049c8688390d46b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/de1bf25b6d771abdb52d43546cf57ad775fb68a1"
        }
      ],
      "title": "interconnect: Don\u0027t access req_list while it\u0027s being manipulated",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27005",
    "datePublished": "2024-05-01T05:28:59.193Z",
    "dateReserved": "2024-02-19T14:20:24.207Z",
    "dateUpdated": "2025-11-04T17:16:33.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2024-27005

CVE-2024-27005 (GCVE-0-2024-27005)

Tags

Sightings

Nomenclature