NVD Vulnerability Detail

CVE-2024-47696

Summary	In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock. The call trace is as below: [ 125.350876][ T1430] Call Trace: [ 125.356281][ T1430] <TASK> [ 125.361285][ T1430] ? __warn (kernel/panic.c:693) [ 125.367640][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.375689][ T1430] ? report_bug (lib/bug.c:180 lib/bug.c:219) [ 125.382505][ T1430] ? handle_bug (arch/x86/kernel/traps.c:239) [ 125.388987][ T1430] ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) [ 125.395831][ T1430] ? asm_exc_invalid_op (arch/x86/include/asm/idtentry.h:621) [ 125.403125][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.410984][ T1430] ? check_flush_dependency (kernel/workqueue.c:3706 (discriminator 9)) [ 125.418764][ T1430] __flush_workqueue (kernel/workqueue.c:3970) [ 125.426021][ T1430] ? __pfx___might_resched (kernel/sched/core.c:10151) [ 125.433431][ T1430] ? destroy_cm_id (drivers/infiniband/core/iwcm.c:375) iw_cm [ 125.441209][ T1430] ? __pfx___flush_workqueue (kernel/workqueue.c:3910) [ 125.473900][ T1430] ? _raw_spin_lock_irqsave (arch/x86/include/asm/atomic.h:107 include/linux/atomic/atomic-arch-fallback.h:2170 include/linux/atomic/atomic-instrumented.h:1302 include/asm-generic/qspinlock.h:111 include/linux/spinlock.h:187 include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162) [ 125.473909][ T1430] ? __pfx__raw_spin_lock_irqsave (kernel/locking/spinlock.c:161) [ 125.482537][ T1430] _destroy_id (drivers/infiniband/core/cma.c:2044) rdma_cm [ 125.495072][ T1430] nvme_rdma_free_queue (drivers/nvme/host/rdma.c:656 drivers/nvme/host/rdma.c:650) nvme_rdma [ 125.505827][ T1430] nvme_rdma_reset_ctrl_work (drivers/nvme/host/rdma.c:2180) nvme_rdma [ 125.505831][ T1430] process_one_work (kernel/workqueue.c:3231) [ 125.515122][ T1430] worker_thread (kernel/workqueue.c:3306 kernel/workqueue.c:3393) [ 125.515127][ T1430] ? __pfx_worker_thread (kernel/workqueue.c:3339) [ 125.531837][ T1430] kthread (kernel/kthread.c:389) [ 125.539864][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.550628][ T1430] ret_from_fork (arch/x86/kernel/process.c:147) [ 125.558840][ T1430] ? __pfx_kthread (kernel/kthread.c:342) [ 125.558844][ T1430] ret_from_fork_asm (arch/x86/entry/entry_64.S:257) [ 125.566487][ T1430] </TASK> [ 125.566488][ T1430] ---[ end trace 0000000000000000 ]---
Publication Date	Oct. 21, 2024, 9:15 p.m.
Registration Date	Oct. 22, 2024, 5 a.m.
Last Update	Nov. 9, 2024, 1:15 a.m.

CVSS3.1 : HIGH
スコア	7.8
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::	6.11			6.11.2
cpe:2.3:o:linux:linux_kernel::::::::	6.10.3			6.10.13
cpe:2.3:o:linux:linux_kernel::::::::	6.6.44			6.6.54
cpe:2.3:o:linux:linux_kernel::::::::	6.1.103			6.1.113
cpe:2.3:o:linux:linux_kernel::::::::	5.15.165			5.15.168
cpe:2.3:o:linux:linux_kernel::::::::	5.10.224			5.10.227
cpe:2.3:o:linux:linux_kernel::::::::	4.19.320			5.4
cpe:2.3:o:linux:linux_kernel::::::::	5.4.282			5.10

Related information, measures and tools

No	URL	タグ
1	https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6	Patch
2	https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e	Patch
3	https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548	Patch
4	https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7	Patch
5	https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58	Patch
6	https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04	Patch
7	https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89	Patch
8	https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5
9	https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性

Title	Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性
Summary	Linux の Linux Kernel には、解放済みメモリの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 23, 2024, midnight
Registration Date	Oct. 29, 2024, 4:45 p.m.
Last Update	Sept. 9, 2025, 10:32 a.m.

Affected System

Linux

Linux Kernel 4.19.320 以上 5.4 未満

Linux Kernel 5.10.224 以上 5.10.227 未満

Linux Kernel 5.15.165 以上 5.15.168 未満

Linux Kernel 5.4.282 以上 5.10 未満

Linux Kernel 6.1.103 以上 6.1.113 未満

Linux Kernel 6.10.3 以上 6.10.13 未満

Linux Kernel 6.11 以上 6.11.2 未満

Linux Kernel 6.6.44 以上 6.6.54 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2024-47696	https://www.cve.org/CVERecord?id=CVE-2024-47696
National Vulnerability Database (NVD)
2	CVE-2024-47696	https://nvd.nist.gov/vuln/detail/CVE-2024-47696

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
Kernel.org git repositories
1	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (2efe8da)	https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6
2	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (86dfdd8)	https://git.kernel.org/stable/c/86dfdd8288907f03c18b7fb462e0e232c4f98d89
3	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (8b7df76)	https://git.kernel.org/stable/c/8b7df76356d098f85f3bd2c7cf6fb43f531893d7
4	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (a09dc96)	https://git.kernel.org/stable/c/a09dc967b3c58899e259c0aea092f421d22a0b04
5	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (a64f30d)	https://git.kernel.org/stable/c/a64f30db12bdc937c5108158d98c8eab1925c548
6	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (c8b18a7)	https://git.kernel.org/stable/c/c8b18a75282cfd27822a8cc3c1f005c1ac8d1a58
7	RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (da03926)	https://git.kernel.org/stable/c/da0392698c62397c19deb1b9e9bdf2fbb5a9420e
Linux Kernel
8	Linux Kernel Archives	https://www.kernel.org

その他

No	Name	URL
ICS-CERT ADVISORY
1	ICSA-25-226-07	https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07
JVN
2	JVNVU#92169998	https://jvn.jp/vu/JVNVU92169998/index.html

Change Log

No	Changed Details	Date of change
1	[2024年10月29日] 掲載	Oct. 29, 2024, 4:45 p.m.
2	[2025年08月19日] 参考情報：JVN (JVNVU#92169998) を追加参考情報：ICS-CERT ADVISORY (ICSA-25-226-07) を追加	Aug. 19, 2025, 12:09 p.m.