CVE-2024-42124 in Linux
Summary
by MITRE • 07/30/2024
In the Linux kernel, the following vulnerability has been resolved:
scsi: qedf: Make qedf_execute_tmf() non-preemptible
Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. This results in BUG_ON() when running an RT kernel.
[ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646
[ 659.343282] caller is qedf_execute_tmf+0x8b/0x360 [qedf]
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 10/06/2025
The vulnerability identified as CVE-2024-42124 affects the Linux kernel's SCSI subsystem, specifically within the qedf driver implementation. This issue manifests as a critical preemption violation that occurs when the kernel operates in real-time (RT) configurations. The problem stems from improper handling of kernel preemption states during SCSI task management function execution, creating a scenario where kernel code attempts to access processor identification information from a context that does not guarantee non-preemptible execution. The vulnerability is classified under CWE-398 as "Indicator of Poor Code Quality" and represents a fundamental violation of kernel execution semantics that can lead to system instability and potential security implications.
The technical flaw resides in the qedf_execute_tmf() function within the qedf SCSI driver module. This function incorrectly invokes smp_processor_id() from code that operates in a preemptible context, violating kernel design principles that mandate the use of processor identification functions only in non-preemptible code sections. The smp_processor_id() macro is designed to return the CPU number of the currently executing process, but it cannot be safely called from preemptible contexts where the kernel scheduler may switch between tasks. When running on RT kernels, this violation triggers a BUG_ON() condition that halts system execution, demonstrating the severity of the preemption violation. The error message indicates that the sg_reset process with pid 3646 is calling this function in a preemptible context, making it a clear violation of kernel scheduling and preemption models.
The operational impact of this vulnerability extends beyond simple system crashes, as it affects the reliability of storage operations in real-time kernel environments. Systems utilizing RT kernels for mission-critical applications that rely on SCSI storage connectivity face potential service interruptions when the qedf driver encounters this condition. The vulnerability affects any Linux system running with real-time kernel patches that enable the RT scheduler, potentially impacting industrial control systems, telecommunications infrastructure, and real-time embedded applications. The issue represents a failure in kernel module design that can compromise system availability and introduce unpredictable behavior in environments where deterministic execution is required. This vulnerability directly impacts the ATT&CK technique T1490 - "Inhibit System Recovery" by potentially causing system crashes and preventing normal operation.
Mitigation strategies for CVE-2024-42124 require immediate kernel updates from vendors that include the resolved patch addressing the preemption violation in the qedf driver. System administrators should prioritize applying security patches that modify the qedf_execute_tmf() function to ensure it operates in a non-preemptible context before calling smp_processor_id(). Organizations running RT kernel configurations must verify that their storage subsystems are updated to prevent the BUG_ON() condition from occurring. The patch implementation should ensure that the function properly disables preemption before calling smp_processor_id() or restructures the code to avoid the problematic function call entirely. Additionally, system monitoring should be implemented to detect any potential preemption violations in kernel modules, as this type of issue can have cascading effects on system stability and performance in real-time environments where deterministic behavior is essential for proper operation.